<div dir="ltr"><div style="font-size:12.8px;text-decoration-style:initial;text-decoration-color:initial">Dear tinc-list,</div><div style="font-size:12.8px;text-decoration-style:initial;text-decoration-color:initial"><br></div><div style="font-size:12.8px;text-decoration-style:initial;text-decoration-color:initial">I am a happy tinc user for many years and am using several different VPNs. However today I was unable to add a new server to my "backbone" VPN. I hope it is okay that I write this issue to this list as hours of googling did not help.</div><div style="font-size:12.8px;text-decoration-style:initial;text-decoration-color:initial"><br></div><div style="font-size:12.8px;text-decoration-style:initial;text-decoration-color:initial">My setup consists of several servers, all tincing happily ever after. "kallisto" as one of them is happy talking to other servers, and i want to add "3data"</div><div style="font-size:12.8px;text-decoration-style:initial;text-decoration-color:initial"><br></div><div style="font-size:12.8px;text-decoration-style:initial;text-decoration-color:initial">however kallisto complains in his syslog:</div><div style="font-size:12.8px;text-decoration-style:initial;text-decoration-color:initial"><div>Error during decryption of meta key for 3data (x.x.x.x port XXXX): error:04065084:rsa routines:rsa_ossl_private_<wbr>decrypt:data too large for modulus</div><div>Error while processing METAKEY from 3data (...)</div><div>Bogus data received from 3data (...)</div></div><div style="font-size:12.8px;text-decoration-style:initial;text-decoration-color:initial"><br></div><div style="font-size:12.8px;text-decoration-style:initial;text-decoration-color:initial">Stuff I tried:</div><div style="font-size:12.8px;text-decoration-style:initial;text-decoration-color:initial">- regenerating the keys serveral times, including a smaller 1024 RSA key</div><div style="font-size:12.8px;text-decoration-style:initial;text-decoration-color:initial">- explicit settings for Digest and Cipher</div><div style="font-size:12.8px;text-decoration-style:initial;text-decoration-color:initial">- swapping server & client</div><div style="font-size:12.8px;text-decoration-style:initial;text-decoration-color:initial"><br></div><div style="font-size:12.8px;text-decoration-style:initial;text-decoration-color:initial">Configuration:</div><div style="font-size:12.8px;text-decoration-style:initial;text-decoration-color:initial">- kallisto conf</div><div style="font-size:12.8px;text-decoration-style:initial;text-decoration-color:initial"><div>Name = kallisto</div><div>Port = XX</div><div><br></div><div>ConnectTo = ganymed</div><div>ConnectTo = 3data</div></div><div style="font-size:12.8px;text-decoration-style:initial;text-decoration-color:initial"><br></div><div style="font-size:12.8px;text-decoration-style:initial;text-decoration-color:initial">- kallisto host file</div><div style="font-size:12.8px;text-decoration-style:initial;text-decoration-color:initial"><div>Address = kallisto...</div><div>Port = XX</div><div>Subnet =<span> </span><a href="http://10.4.2.113/32" target="_blank" style="color:rgb(17,85,204)">10.4.2.113/32</a></div><div><br></div><div>-----BEGIN RSA PUBLIC KEY-----</div></div><div style="font-size:12.8px;text-decoration-style:initial;text-decoration-color:initial">...</div><div style="font-size:12.8px;text-decoration-style:initial;text-decoration-color:initial"><br></div><div style="font-size:12.8px;text-decoration-style:initial;text-decoration-color:initial">- 3data conf:</div><div style="font-size:12.8px;text-decoration-style:initial;text-decoration-color:initial"><div>Name = 3data</div><div>Port = XX</div><div><br></div></div><div style="font-size:12.8px;text-decoration-style:initial;text-decoration-color:initial">- 3data host file:</div><div style="font-size:12.8px;text-decoration-style:initial;text-decoration-color:initial">Address = 3data...<br></div><div style="font-size:12.8px;text-decoration-style:initial;text-decoration-color:initial"><div>Port = XX</div><div>Subnet =<span> </span><a href="http://10.4.2.111/32" target="_blank" style="color:rgb(17,85,204)">10.4.2.111/32</a></div><div><br></div><div>-----BEGIN RSA PUBLIC KEY-----<br></div></div><div style="font-size:12.8px;text-decoration-style:initial;text-decoration-color:initial">...</div><div style="font-size:12.8px;text-decoration-style:initial;text-decoration-color:initial"><br></div><div style="font-size:12.8px;text-decoration-style:initial;text-decoration-color:initial">Both Servers are running tinc version 1.0.31 on Debian 9 (stretch).</div><div style="font-size:12.8px;text-decoration-style:initial;text-decoration-color:initial"><br></div><div style="font-size:12.8px;text-decoration-style:initial;text-decoration-color:initial">The most promising thread was this one: <a href="https://www.tinc-vpn.org/pipermail/tinc/2012-September/003056.html" target="_blank" style="color:rgb(17,85,204)">https://www.tinc-vpn.org/<wbr>pipermail/tinc/2012-September/<wbr>003056.html</a></div><div style="font-size:12.8px;text-decoration-style:initial;text-decoration-color:initial">But I am using neither flag.</div><div style="font-size:12.8px;text-decoration-style:initial;text-decoration-color:initial"><br></div><div style="font-size:12.8px;text-decoration-style:initial;text-decoration-color:initial">Any help is appreciated,</div><div style="font-size:12.8px;text-decoration-style:initial;text-decoration-color:initial"><br></div><div style="font-size:12.8px;text-decoration-style:initial;text-decoration-color:initial">Thanks in advance,</div><div style="font-size:12.8px;text-decoration-style:initial;text-decoration-color:initial">Gerald</div><br></div>