<div dir="ltr"><div><div><div>Thanks Guus<br><br></div>I have one more question. <br></div><div><br></div><div>- We see several log messages that we dont currently understand - Can you comment on what they mean and if they are concerning? I've obfuscated IP's and node names so please ignore those. Our tinc daemon command is: tincd -n <vpn name> <br></div><div><br></div><div>-- Received short packet</div><div>-- Got REQ_KEY from node003 while we already started a SPTPS session!<br></div></div>-- Invalid packet seqno: 7951 != 1 from node003 (22.22.22.22 port 655)<br>-- Failed to verify SIG record from node003 (22.22.22.22 port 655)<br>-- message repeated 3 times: [ Received short packet]<br>-- Metadata socket read error for node004 (33.33.33.33 port 655): Connection reset by peer<br>-- Failed to decrypt and verify packet from node005 (44.44.44.44 port 655)<br></div><div class="gmail_extra"><br clear="all"><div><div class="gmail_signature" data-smartmail="gmail_signature"> -nirmal</div></div>
<br><div class="gmail_quote">On Tue, Aug 22, 2017 at 11:08 PM, Guus Sliepen <span dir="ltr"><<a href="mailto:guus@tinc-vpn.org" target="_blank">guus@tinc-vpn.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class="">On Tue, Aug 22, 2017 at 03:19:18PM -0700, Nirmal Thacker wrote:<br>
<br>
> - How do we patch 1.1pre14 with this fix? Or will there be a 1.1pre15 to<br>
> upgrade to?<br>
<br>
</span>There will be an 1.1pre15, but if you want you can apply the following<br>
commit:<br>
<br>
<a href="https://tinc-vpn.org/git/browse?p=tinc;a=commitdiff;h=92fdabc439bdb5e16f64a4bf2ed1deda54f7c544" rel="noreferrer" target="_blank">https://tinc-vpn.org/git/<wbr>browse?p=tinc;a=commitdiff;h=<wbr>92fdabc439bdb5e16f64a4bf2ed1de<wbr>da54f7c544</a><br>
<span class=""><br>
> - What is the workaround until we patch with this fix? Using a combination<br>
> of AutoConnect and ConnectTo?<br>
<br>
</span>Yes.<br>
<span class=""><br>
> - When we use ConnectTo, is it mandatory to have a cert file in the hosts/*<br>
> dir with an IP to ConnectTo ?<br>
<br>
</span>Yes. Tinc always needs the public key of a peer and an Address in order<br>
to be able to connect to it.<br>
<div class="HOEnZb"><div class="h5"><br>
--<br>
Met vriendelijke groet / with kind regards,<br>
Guus Sliepen <<a href="mailto:guus@tinc-vpn.org">guus@tinc-vpn.org</a>><br>
</div></div><br>______________________________<wbr>_________________<br>
tinc mailing list<br>
<a href="mailto:tinc@tinc-vpn.org">tinc@tinc-vpn.org</a><br>
<a href="https://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc" rel="noreferrer" target="_blank">https://www.tinc-vpn.org/cgi-<wbr>bin/mailman/listinfo/tinc</a><br>
<br></blockquote></div><br></div>