On Tue, May 03, 2022 at 07:07:08PM -0400, Nathan Stratton Treadway wrote: > I have a small existing Tinc network to which I'm attempting to add a > new node, running Ubuntu Jammy -- but I seem to be hitting some sort of > incompatibility problem between this Tinc node and my existing Tinc > server (which runs tinc 1.0.26/libssl1.0.0). > > Jammy runs Tinc 1.0.36 linked against libssl3 ... but I previously had > this VM connecting successfully to my network when it was running Ubuntu > Focal, which also has Tinc 1.0.36 but linked against libssl1.1 -- so I'm > thinking the problem is is related to the OpenSSL library change. > > I did some searching on the web but did not manage to find any > discussion of this issue in Tinc, so I'm curious if anyone here is aware > of any documentation of configuration changes that might be needed to > enable compatibility between tinc-on-Jammy and older servers?
Hi, as far as tinc itself is concerned it should be fine if nodes are linked against different versions of OpenSSL. However, OpenSSL might have deprecated some cryptographic algorithms, and distributions might sometimes change which algorithms to enable/disable when packaging OpenSSL. Are you using the defaults from tinc, or did you specify which encryption and/or authentication algorithm to use by adding "Cipher = ..." or "Digest = ..." statements to any of tinc's configuration files? Can you tell me which distribution and its version you have on the server that runs tinc 1.0.26? I can then try to reproduce the situation. -- Met vriendelijke groet / with kind regards, Guus Sliepen <g...@tinc-vpn.org>
signature.asc
Description: PGP signature
_______________________________________________ tinc mailing list tinc@tinc-vpn.org https://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc