I have a small existing Tinc network to which I'm attempting to add a new node, running Ubuntu Jammy -- but I seem to be hitting some sort of incompatibility problem between this Tinc node and my existing Tinc server (which runs tinc 1.0.26/libssl1.0.0).
Jammy runs Tinc 1.0.36 linked against libssl3 ... but I previously had this VM connecting successfully to my network when it was running Ubuntu Focal, which also has Tinc 1.0.36 but linked against libssl1.1 -- so I'm thinking the problem is is related to the OpenSSL library change. I did some searching on the web but did not manage to find any discussion of this issue in Tinc, so I'm curious if anyone here is aware of any documentation of configuration changes that might be needed to enable compatibility between tinc-on-Jammy and older servers? Thanks. Nathan p.s. In case there is no such documentation already: I did make some progress, in that originally after upgrading to Jammy I was getting messages error messages like these in syslog: Error during initialisation of cipher from [...]: error:0308010C:digital envelope routines::unsupported Error while processing METAKEY from [...] , which I was able to resolve by enabling both legacy providers and SECLEVEL=1 in an override openssl.cnf file. However, I'm still getting Bogus data received from [...] messages in the log on the new client, and the metaconnection never comes up. If I do a "-k INT" on the tincd process, it shows that the Bogus message is in the middle of the metaconnection negotiation: Got METAKEY from [...] Sending CHALLENGE to [...] Sending 515 bytes of metadata to [...] Flushing 515 bytes to [...] Bogus data received from [..] Closing connection with [...] I'm not sure how to determine why the reply received back from the other node is considered "bogus".... ---------------------------------------------------------------------------- Nathan Stratton Treadway - natha...@ontko.com - Mid-Atlantic region Ray Ontko & Co. - Software consulting services - http://www.ontko.com/ GPG Key: http://www.ontko.com/~nathanst/gpg_key.txt ID: 1023D/ECFB6239 Key fingerprint = 6AD8 485E 20B9 5C71 231C 0C32 15F3 ADCD ECFB 6239 _______________________________________________ tinc mailing list tinc@tinc-vpn.org https://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc