status code between 01c2 and 00c2

2022-06-26 Thread Bright Zhao
2022-06-26 19:17:39 tinc.hphk[13324]: Connections: 2022-06-26 19:17:39 tinc.hphk[13324]: aaa at 189.167.244.243 port 8104 options b socket 7 status 00c2 outbuf 2066/0/0 2022-06-26 19:17:39 tinc.hphk[13324]: bbb at 49.244.34.35 port 444 options d

why not check the data-plane liveness?

2020-02-04 Thread Bright Zhao
I saw the PING/PONG sent from meta-protocol, just wondering if meta is up but data is down, there is no way to detect? ___ tinc mailing list tinc@tinc-vpn.org https://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc

Port used for meta-connection and data transfer

2020-01-18 Thread Bright Zhao
Hi, I see there’re two configuration in tinc: In main configuration: BindToAddress = [] In host configuration: Port = So, let’s say on svr1 /etc/tinc/test/tinc.conf: BindToAddress = ip_addr p1 BindToAddress = ip_addr p2 /etc/tinc/test/hosts/svr1: Port = p1 On the client side c1

UDPbuffer adjustment

2020-01-13 Thread Bright Zhao
Hi, Saw the below config from tinc’s manual: UDPRcvBuf = bytes (OS default) Sets the socket receive buffer size for the UDP socket, in bytes. If unset, the default buffer size will be used by the operating system. UDPSndBuf = bytes (OS default)

Sometimes can't establish tinc connection due to authentication timeout?

2019-03-11 Thread Bright Zhao
Mar 11 11:24:52 box1 tincd: Trying to connect to svr1 (a.a.a.a port 443) Mar 11 11:24:52 box1 tincd: Connected to svr1 (a.a.a.a port 443) Mar 11 11:25:02 box1 tincd: Timeout from svr1 (a.a.a.a port 443) during authentication Mar 11 11:25:02 box1 tincd: Closing connection with svr1 (a.a.a.a port

Re: How to run tinc under openssl 1.1.1a?

2019-02-19 Thread Bright Zhao
ou please explain what you mean? > > thank you > > Saverio > > On Mon, 18 Feb 2019 at 15:02, Bright Zhao > wrote: > > > > Hi, > > > > My CentOS has upgraded the openssl to 1.1.1a, and I thought my > tinc(1.0.35) installed by yum will use

How to run tinc under openssl 1.1.1a?

2019-02-18 Thread Bright Zhao
Hi, My CentOS has upgraded the openssl to 1.1.1a, and I thought my tinc(1.0.35) installed by yum will use the new openssl, but it looks not the fact. So does tinc(1.0.35) support openssl 1.1.1a? If so, how can I make it run in this version of openssl?

Re: Tinc support load-balance of one node to the other two?

2017-10-29 Thread Bright Zhao
the two tunnels tinc build just like two interface, and do the per flow load balancing across those two interfaces. Best Regards Bright Zhao ✉ > On 29 Oct 2017, at 8:02 PM, Phang Mulianto <braveh...@gmail.com> wrote: > > Hi, > > You mean use the vpn link as active activ

Tinc support load-balance of one node to the other two?

2017-10-29 Thread Bright Zhao
the internet pipe of both two circuits, so that the tunnel traffic can have a better bandwidth. If that’s the case, is there anyway we can load-balance the traffic from LAN-1 to LAN-2’s dual internet entry point, for example, load-balance per flow. Best Regards Bright Zhao

Will tinc try go re-negotiate to UDP if failed to TCP at beginning?

2017-10-25 Thread Bright Zhao
Due to unknown reason, tinc failed to negotiate into UDP mode when first connecting, but will tinc keep trying/negotiating into UDP? Or does tinc have to be restarted in order to start the negotiation process? Best Regards Bright Zhao ✉

Re: Anyone tried tinc with TCP-BBR?

2017-09-29 Thread Bright Zhao
> there is a UDP tinc tunnel in the middle. > > On 29 September 2017 at 19:34, Bright Zhao <startr...@gmail.com> wrote: >> We knew the TCP-BBR developed by google and try to optimize the transport >> efficiency of TCP, I’m wondering will this be bene

Re: Packet capture to analysis the tinc connection close

2017-09-13 Thread Bright Zhao
//ibb.co/eOS4ZF <https://ibb.co/eOS4ZF>, the connection from client1 to a1 is much stable, never drop after couple of days…. > On 14 Sep 2017, at 7:15 AM, Bright Zhao <startr...@gmail.com> wrote: > > I don't know why, but for my case, I reduced the tinc topology from a complex >

Re: Packet capture to analysis the tinc connection close

2017-09-13 Thread Bright Zhao
I don't know why, but for my case, I reduced the tinc topology from a complex one (which provide layered redundancy) to a very simple one (one connection), and that connection drop disappeared. Later, let me draw the topology and share the config to you to see if there's any findings of the cause.

Re: Packet capture to analysis the tinc connection close

2017-09-07 Thread Bright Zhao
Thanks, Guus, but unfortunately, both are public IP routable on Internet without firewall/NAT. Guus Sliepen <g...@tinc-vpn.org> wrote on Fri, 8 Sep 2017 at 1:18 AM: > On Tue, Sep 05, 2017 at 12:27:59PM +0800, Bright Zhao wrote: > > > Recently, one of my tinc client always suffer

Packet capture to analysis the tinc connection close

2017-09-04 Thread Bright Zhao
Hi, All Recently, one of my tinc client always suffer connection drop, I was suspect the connection was not stable to cause this issue, and BTW, I’ve set the PingTimeout to 10 seconds already, but this situation still happens a lot sometimes, but when the connection drop happens, the

Got KEY_CHANGED from A (x.x.x.x port 655) origin B which does not exist

2017-09-01 Thread Bright Zhao
Hi, After I changed one host to TunnelServer mode, logging from tinc start to have below messaging coming, is this a normal behavior, because in my /hosts folder I don’t have B, but A received the regular symmetric key update for B? Got KEY_CHANGED from A (x.x.x.x port 655) origin B which

Re: What if two tinc daemons received the same Subnet but with different weight?

2017-08-23 Thread Bright Zhao
other), I guess the routing depends on the host's main routing table, for specific route it depends on which tinc interface as the "Via" to determine this? Guus Sliepen <g...@tinc-vpn.org> wrote on Tue, 22 Aug 2017 at 11:10 PM: > On Sat, Aug 19, 2017 at 09:21:11AM +0800, Bright Zhao wrote: >

Re: How to set tinc not to forward Subnet learned from other nodes?

2017-08-23 Thread Bright Zhao
Great, that's exactly what I have been looking for. Will give it a try. Guus Sliepen <g...@tinc-vpn.org> wrote on Tue, 22 Aug 2017 at 11:12 PM: > On Sat, Aug 19, 2017 at 08:09:52AM +0800, Bright Zhao wrote: > > > Reason behind that is we have some use cases wouldn’t like to make some

What if two tinc daemons received the same Subnet but with different weight?

2017-08-18 Thread Bright Zhao
Two tinc networks/daemons, and received same subnet from the two daemons, how tinc will choose which one is preferred? And the weight settings in each daemon for subnet will or will not be the judge?

Re: The reconnect timer can be adjusted in 1.0.31?

2017-08-12 Thread Bright Zhao
out for connection to A will be reset?) Guus Sliepen <g...@tinc-vpn.org> wrote on Sat, 12 Aug 2017 at 5:39 PM: > On Sat, Aug 12, 2017 at 09:17:10AM +0000, Bright Zhao wrote: > > > I noticed the default reconnect for the first time is 5s, if failed the > > timer will be increased, I would lik

Re: The reconnect timer can be adjusted in 1.0.31?

2017-08-12 Thread Bright Zhao
> On Thu, Aug 10, 2017 at 09:37:13PM +0800, Bright Zhao wrote: > > > When the meta connection get lost, it’ll be reconnect like below: > > Trying to re-establish outgoing connection in 5 seconds, and if it’s > failed, then the timer will be increased for another try. > >

The reconnect timer can be adjusted in 1.0.31?

2017-08-10 Thread Bright Zhao
Hi, When the meta connection get lost, it’ll be reconnect like below: Trying to re-establish outgoing connection in 5 seconds, and if it’s failed, then the timer will be increased for another try. My question is, how to adjust the reconnect timer, in some cases, the reconnect delay for a

Re: Tinc VPN for unjailbroken iOS 9+

2017-07-26 Thread Bright Zhao
+1, waiting for this for quite a while. Paul Chobert wrote on Wed, 26 Jul 2017 at 7:23 PM: > Hi, > > Is there any existing solution to install iOS9 on unjailbroken iOS devices > ? > > If there is none, I'm thinking of porting tinc to iOS, I haven't looked at > the source code much but I

Re: How to block tinc node advertise it's neighbor/edge/subnet info to another node?

2017-07-25 Thread Bright Zhao
> wrote: > > > > On 7/25/17 10:51 PM, Bright Zhao wrote: >> I can think of run two tinc network which are two processes, other than >> this, any other easier way to make it as one network, but B doesn’t >> advertise the info from one side to the other side? > Y

Re: How to diagnostic UDP discovery failed situation

2017-06-20 Thread Bright Zhao
any anywhere anywhere udp dpt:https The above statement is necessary, or not? > On 21 Jun 2017, at 8:22 AM, Bright Zhao <startr...@gmail.com> wrote: > > Hi, experts > > for example, the below case: > > You can see a lot of back and f

How to diagnostic UDP discovery failed situation

2017-06-20 Thread Bright Zhao
Hi, experts for example, the below case: You can see a lot of back and forth MTU probe packets been exchanged between tinc nodes, but it’s weird that, from the debug log, one line shows "No response to MTU probes from node1”, but it indeed received a lot of MTU probe response, and finally it

Re: Reliability between TCPonly and UDP for tinc?

2017-06-18 Thread Bright Zhao
I get it, you’re right. it’s out of VPN’s scope, VPN should focus on efficiency. > On 18 Jun 2017, at 9:49 PM, hvjunk <hvj...@gmail.com> wrote: > >> >> On 18 Jun 2017, at 15:44 , Bright Zhao <startr...@gmail.com >> <mailto:startr...@gmail.com>> w

Why sometimes the MTU discovery by UDP never get a response?

2017-06-18 Thread Bright Zhao
Normally, if the tinc server’s MTU discovery response can reach the tinc client side, they always can negotiate with a certain MTU size, but the case is, sometimes, the client sent variety size of MTU probe packet to server, but the server never respond. Sometimes, if I change the client

Reliability between TCPonly and UDP for tinc?

2017-06-18 Thread Bright Zhao
If the concern is more about the reliability instead of throughput, should I add TCPonly = yes in the host configuration to make the VPN runs on TCP?

Tinc still run on single core of CPU?

2017-06-07 Thread Bright Zhao
No matter 1.0 or 1.1? Just trying to double check, because I see tincd only runs top at 100% on a multicore CPU.

Cache of the the unreachable nodes cause un-optimized route?

2017-06-01 Thread Bright Zhao
Hi, All Here is the case: A, B, C, D all configured with "IndirectData = yes”, so connection only happens when there’s a “ConnectTo” in tinc.conf. Arrow indicate the “ConnectTo” direction Everything works fine earlier as below: 1. A connect to C, D connect to C 2. C is the transit node where

Re: What/why this event happens: Can't write to Linux tun/tap device (tun mode) /dev/net/tun: Input/output error

2017-05-26 Thread Bright Zhao
in/ifconfig myvpn 10.0.0.1 netmask 255.255.255.0 > On 26 May 2017, at 6:03 PM, Guus Sliepen <g...@tinc-vpn.org> wrote: > > On Fri, May 26, 2017 at 09:30:44AM +0800, Bright Zhao wrote: > >> Due to some routing rotation purpose, I use crontab to add below info: >>

What/why this event happens: Can't write to Linux tun/tap device (tun mode) /dev/net/tun: Input/output error

2017-05-25 Thread Bright Zhao
Hi, All Due to some routing rotation purpose, I use crontab to add below info: 0 * * * * echo Subnet = 54.169.128.0/17 >> /etc/tinc/myvpn/hosts/aws_sgp 0 * * * * echo Subnet = 54.169.0.0/17 >> /etc/tinc/myvpn/hosts/aws_sgp 1 * * * * /usr/sbin/tincd -n myvpn -k 1 * * * * /usr/sbin/tincd -n myvpn

Does the INT signal will force the tinc to re-read the tinc.conf file

2017-05-24 Thread Bright Zhao
I mean, if I changed pingtimeout on tinc.conf, -kHUP will force the tinc to re-read that parameter into effective? If no, any other ways to make it effective other than kill the process? for tinc 1.0.

How to improve/resolve the Flushing xxx bytes to node would block?

2017-05-24 Thread Bright Zhao
Hi, Guus I encounter the below log messages that after tinc run for a while, it seems box1 begin to buffer traffic to abc, and box1 is behind a firewall to connect abc from firewall’s inside to outside, and abc is on the public internet. Normally the major traffic is actually from abc to

How can I change the speed of tun interface?

2017-05-17 Thread Bright Zhao
Hi, experts I found the tun0 is 10Mb/s and I installed vnstat to monitor the tinc vpn traffic statistic, but due to 10Mb/s, the vnstat couldn’t update it’s database due to low speed rate, so anyway to change the tun from10Mb/s to higher? [root@box1 ~]# vnstat -u Info: Traffic rate for "myvpn"

Re: What's the weight means in the dump of edge info from USR2?

2017-05-10 Thread Bright Zhao
to forward(if direct not possible, and same hops to the destination)? 4. When will 1.1 been released as official version? Sent from iPhone > On 11 May 2017, at 2:02 AM, Guus Sliepen <g...@tinc-vpn.org> wrote: > >> On Wed, May 10, 2017 at 03:41:46PM +0800, Bright Zhao wrote: >>

Re: If two identical host get up, what will happen?

2017-05-10 Thread Bright Zhao
Will the later one can't get onto the tinc domain, or either one may get disconnected? I may give a try later to validate this. Sent from iPhone > On 11 May 2017, at 1:46 AM, Guus Sliepen <g...@tinc-vpn.org> wrote: > >> On Tue, May 09, 2017 at 05:28:43PM +0800, Bright Zhao wrote: >

What's the weight means in the dump of edge info from USR2?

2017-05-10 Thread Bright Zhao
Hi, tinc experts abc to def at x.x.x.x port 655 options d weight 540 How’s the 540 weight been calculated? What does it mean? How can I leverage this weight? The d of after options mean direct?

Re: Show the subnets learnt and update configuration without reset?

2017-05-10 Thread Bright Zhao
ot work on Windows. > > Both of these are in the tinc manual > (http://tinc-vpn.org/documentation/tinc.pdf > <http://tinc-vpn.org/documentation/tinc.pdf>). > > From: tinc [mailto:tinc-boun...@tinc-vpn.org] On Behalf Of Bright Zhao > Sent: Saturday, May 6, 2

If two identical host get up, what will happen?

2017-05-09 Thread Bright Zhao
I mean exactly the same configuration, including the pub-pri key. Sent from iPhone

Show the subnets learnt and update configuration without reset?

2017-05-06 Thread Bright Zhao
1. Is there any tools/command, we can show the subnet where a certain tinc nodes learnt? So that I can know the weight for certain subnet(in real time), instead of go back to the node’s (who advertise the subnet) configuration file to check. 2. So far in order to change the weight of a

How tinc route traffic when two subnets are identical?

2017-05-04 Thread Bright Zhao
Hi, All Two remote tinc nodes(A, B) advertised the same route to the Tinc domain, and the local tinc node(C) has two ConnectTo to point to those two remote nodes, and I found, and let’s assume connection from C to A is better than C to B (better latency from ping) : 1. when two remote nodes

Re: Multiple default gateway from tinc node

2017-05-03 Thread Bright Zhao
. > On 4 May 2017, at 12:15 AM, Guus Sliepen <g...@tinc-vpn.org> wrote: > > On Wed, May 03, 2017 at 02:15:36PM +0800, Bright Zhao wrote: > >> 1. The destination of IPv4 wouldn’t be changed, Yes I agree, that’s the goal >> and final destination for the communicatio

Re: Multi tenancy setup by Tinc?

2017-05-03 Thread Bright Zhao
pn.org> wrote: > > On Tue, May 02, 2017 at 08:46:45PM +0800, Bright Zhao wrote: > >> For use case of multi-tenancy use case, should I use multiple netnames >> (/etc/tinc/tenant1, /etc/tinc/tenant2/, etc.) for the network, so that even >> different tenant have overlap

Re: Multiple default gateway from tinc node

2017-05-03 Thread Bright Zhao
/www.tinc-vpn.org/examples/redirect-gateway/ <https://www.tinc-vpn.org/examples/redirect-gateway/> > On 3 May 2017, at 12:36 AM, Guus Sliepen <g...@tinc-vpn.org> wrote: > > On Tue, May 02, 2017 at 09:53:15PM +0800, Bright Zhao wrote: > >> When tinc daemon get up

Re: Multiple default gateway from tinc node

2017-05-02 Thread Bright Zhao
as possible), that’s why I turned IndirectData = yes to only tunnel formed under ConnectTo statement. Earlier, my understanding is everything is follow the route table, but according to the case below, sometime it’s not. > On 2 May 2017, at 9:53 PM, Bright Zhao <startr...@gmail.com>

Re: Multiple default gateway from tinc node

2017-05-02 Thread Bright Zhao
, but it isn’t. Is above right? > On 2 May 2017, at 6:33 PM, Lars Kruse <li...@sumpfralle.de> wrote: > > Hello, > > > On Tue, 2 May 2017 09:16:53 +0800 > Bright Zhao <startr...@gmail.com> wrote: > >> [..] >> Since A have both ConnectTo to B and C(To D thro

Re: Multiple default gateway from tinc node

2017-05-02 Thread Bright Zhao
ing / technical intro for the tinc besides the documentation part from tinc-von.org? > On 2 May 2017, at 1:43 PM, Guus Sliepen <g...@tinc-vpn.org> wrote: > > On Tue, May 02, 2017 at 09:16:53AM +0800, Bright Zhao wrote: > >> In this case, A's traffic route to Internet is go throu

Multiple default gateway from tinc node

2017-05-01 Thread Bright Zhao
Hi, Tinc expert If there’re multiple tinc nodes announce default route in their host configuration of Subnet = 0.0.0.0/0, how for the remaining nodes to select which is the best route to get out? All of them participant in the same tinc net. I did some test, like A as the branch, B,C,D as the

Re: How to set Subnet in a node which act as both server and client role?

2017-05-01 Thread Bright Zhao
n > encrypted VLAN. > > > > On 05/01/2017 12:00 PM, Bright Zhao wrote: >> Hi, Tinc experts >> >> Diagram as below, A is trying to access host X behind C: >> >> A >> B >> C — “host X" >> >> B is the tinc server fo

Re: How to set Subnet in a node which act as both server and client role?

2017-05-01 Thread Bright Zhao
also dropped. > On 1 May 2017, at 6:33 PM, Etienne Dechamps <etie...@edechamps.fr> wrote: > > Yes. Look up the "IndirectData" configuration option. > > On 1 May 2017 at 11:30, Bright Zhao <startr...@gmail.com > <mailto:startr...@gmail.com>> wrote: >

Re: Concept clarification between multiple ConnecTo and multiple netname

2017-05-01 Thread Bright Zhao
nVPN or other "point-to-point" VPN solutions. tinc's purpose > is to build a reliable, self-routing VPN out of a large mesh network of > nodes; it makes little sense to use it for simple point-to-point connections. > > On 30 April 2017 at 00:53, Bright Zhao <startr...@gmai

Re: How to set Subnet in a node which act as both server and client role?

2017-05-01 Thread Bright Zhao
from A’s routing table, or manually block the connection between A and C) > On 1 May 2017, at 6:28 PM, Bright Zhao <startr...@gmail.com> wrote: > > Hi, Etienne > > Exactly, I just did the test, remove the Subnet = X/32 from B, so I > understood that the Subnet on host c

Re: How to set Subnet in a node which act as both server and client role?

2017-05-01 Thread Bright Zhao
ngs to C, and that > any packets meant for X should therefore be sent to C. > > These packets will then be sent directly to C using UDP (tinc is clever and > will try various NAT traversal techniques). If that's not possible for any > reason, tinc will automatically fall back to

How to set Subnet in a node which act as both server and client role?

2017-05-01 Thread Bright Zhao
Hi, Tinc experts Diagram as below, A is trying to access host X behind C: A >> B >> C — “host X" B is the tinc server for A, but also B is the tinc client to connect to C. My question is, if I only use one VPN (/etc/tinc/myvpn), then the host configuration for B will be tricky. As the tinc

Re: Why host-up script triggered even not ConnectTo?

2017-05-01 Thread Bright Zhao
ng for incoming > connections(both tcp and udp), if A have exposed its listening ports, a > direct connection will be tried to build between the nodes, otherwise it will > go from the intermediate node. > > -- > Narcissus Emi > Date: 1 May 2017 15:12:16, Bright Zhao (startr...@gmai

Re: Why host-up script triggered even not ConnectTo?

2017-05-01 Thread Bright Zhao
> > -- > Narcissus Emi > Date: 1 May 2017 14:15:14, Bright Zhao (startr...@gmail.com > <mailto:startr...@gmail.com>) wrote: > >> Hi, Tinc Expert >> >> in my tinc.conf, the ConnectTo to host X is commented, like below: >> >> #ConnectTo = X

Concept clarification between multiple ConnecTo and multiple netname

2017-04-30 Thread Bright Zhao
in the tinc.conf is connection by sequence which is a failover mechanism, instead of "connect them all"? But multiple netname can do the “connect them all" -- Bright Zhao sent from Gmail