connecting tinc 1.0.36/libssl3 to older nodes?

Tue, 03 May 2022 16:07:21 -0700 

I have a small existing Tinc network to which I'm attempting to add a
new node, running Ubuntu Jammy -- but I seem to be hitting some sort of
incompatibility problem between this Tinc node and my existing Tinc
server (which runs tinc 1.0.26/libssl1.0.0).

Jammy runs Tinc 1.0.36 linked against libssl3 ... but I previously had
this VM connecting successfully to my network when it was running Ubuntu
Focal, which also has Tinc 1.0.36 but linked against libssl1.1 -- so I'm
thinking the problem is is related to the OpenSSL library change.

I did some searching on the web but did not manage to find any
discussion of this issue in Tinc, so I'm curious if anyone here is aware
of any documentation of configuration changes that might be needed to
enable compatibility between tinc-on-Jammy and older servers?

Thanks.

                                                        Nathan

p.s. In case there is no such documentation already: I did make some
progress, in that originally after upgrading to Jammy I was getting
messages error messages like these in syslog:
  Error during initialisation of cipher from [...]: error:0308010C:digital 
envelope routines::unsupported
  Error while processing METAKEY from [...]

, which I was able to resolve by enabling both legacy providers and
SECLEVEL=1 in an override openssl.cnf file.  However, I'm still getting
  Bogus data received from [...]
messages in the log on the new client, and the metaconnection never
comes up.  If I do a "-k INT" on the tincd process, it shows that the
Bogus message is in the middle of the metaconnection negotiation:

  Got METAKEY from [...]
  Sending CHALLENGE to [...]
  Sending 515 bytes of metadata to [...]
  Flushing 515 bytes to [...]
  Bogus data received from [..]
  Closing connection with [...]


I'm not sure how to determine why the reply received back from the other
node is considered "bogus"....


----------------------------------------------------------------------------
Nathan Stratton Treadway  -  natha...@ontko.com  -  Mid-Atlantic region
Ray Ontko & Co.  -  Software consulting services  -   http://www.ontko.com/
 GPG Key: http://www.ontko.com/~nathanst/gpg_key.txt   ID: 1023D/ECFB6239
 Key fingerprint = 6AD8 485E 20B9 5C71 231C  0C32 15F3 ADCD ECFB 6239
_______________________________________________
tinc mailing list
tinc@tinc-vpn.org
https://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc

Reply via email to