2022-06-26 19:17:39 tinc.hphk[13324]: Connections:
2022-06-26 19:17:39 tinc.hphk[13324]: aaa at 189.167.244.243 port 8104 options
b socket 7 status 00c2 outbuf 2066/0/0
2022-06-26 19:17:39 tinc.hphk[13324]: bbb at 49.244.34.35 port 444 options d
I saw the PING/PONG sent from meta-protocol, just wondering if meta is up but
data is down, there is no way to detect?
___
tinc mailing list
tinc@tinc-vpn.org
https://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc
Hi,
I see there’re two configurations in tinc:
In main configuration:
BindToAddress = []
In host configuration:
Port =
So, let’s say on svr1
/etc/tinc/test/tinc.conf:
BindToAddress = ip_addr p1
BindToAddress = ip_addr p2
/etc/tinc/test/hosts/svr1:
Port = p1
On the client side c1
Hi,
Saw the below config from tinc’s manual:
UDPRcvBuf = bytes (OS default)
Sets the socket receive buffer size for the UDP socket, in bytes.
If unset, the default buffer size will be used
by the operating system.
UDPSndBuf = bytes (OS default)
Mar 11 11:24:52 box1 tincd: Trying to connect to svr1 (a.a.a.a port 443)
Mar 11 11:24:52 box1 tincd: Connected to svr1 (a.a.a.a port 443)
Mar 11 11:25:02 box1 tincd: Timeout from svr1 (a.a.a.a port 443) during
authentication
Mar 11 11:25:02 box1 tincd: Closing connection with svr1 (a.a.a.a port
ou please explain what you mean ?
>
> thank you
>
> Saverio
>
> On Mon, 18 Feb 2019 at 15:02, Bright Zhao
> wrote:
> >
> > Hi,
> >
> > My CentOS has upgraded the openssl to 1.1.1a, and I thought my
> > tinc(1.0.35) installed by yum will use
Hi,
My CentOS has upgraded the openssl to 1.1.1a, and I thought my tinc(1.0.35)
installed by yum would use the new openssl, but it looks like that is not the
case. So does tinc(1.0.35) support openssl 1.1.1a? If so, how can I make it run
with this version of openssl?
the two tunnels tinc build just like two
interface, and do the per flow load balancing across those two interfaces.
Best Regards
Bright Zhao
✉
> On 29 Oct 2017, at 8:02 PM, Phang Mulianto <braveh...@gmail.com> wrote:
>
> Hi,
>
> You mean use the vpn link as active activ
the internet pipe of both
two circuits, so that the tunnel traffic can have a better bandwidth.
If that’s the case, is there anyway we can load-balance the traffic from LAN-1
to LAN-2’s dual internet entry point, for example, load-balance per flow.
Best Regards
Bright Zhao
Due to an unknown reason, tinc failed to negotiate into UDP mode when first
connecting, but will tinc keep trying/negotiating into UDP? Or does tinc have
to be restarted in order to start the negotiation process?
Best Regards
Bright Zhao
✉
> there is a UDP tinc tunnel in the middle.
>
> On 29 September 2017 at 19:34, Bright Zhao <startr...@gmail.com> wrote:
>> We knew the TCP-BBR developed by google and try to optimize the transport
>> efficiency of TCP, I’m wondering will this be bene
//ibb.co/eOS4ZF
<https://ibb.co/eOS4ZF>, the connection from client1 to a1 is much stable,
never drop after couple of days….
> On 14 Sep 2017, at 7:15 AM, Bright Zhao <startr...@gmail.com> wrote:
>
> I don't know why, but for my case, I reduced the tinc topology from a complex
>
I don't know why, but for my case, I reduced the tinc topology from a
complex one (which provides layered redundancy) to a very simple one (one
connection), and that connection drop disappeared.
Later, let me draw the topology and share the config with you to see if
there are any findings on the cause.
Thanks, Guus, but unfortunately, both are public IP routable on Internet
without firewall/NAT.
Guus Sliepen <g...@tinc-vpn.org> wrote on Fri, 8 Sep 2017 at 1:18 AM:
> On Tue, Sep 05, 2017 at 12:27:59PM +0800, Bright Zhao wrote:
>
> > Recently, one of my tinc clients always suffers
Hi, All
Recently, one of my tinc clients always suffers connection drops. I suspected
the connection was not stable, causing this issue, and BTW, I’ve set the
PingTimeout to 10 seconds already, but this situation still happens a lot
sometimes, but when the connection drop happens, the
Hi,
After I changed one host to TunnelServer mode, the logging from tinc started to
show the messages below. Is this normal behavior, given that in my /hosts folder
I don’t have B, but A received the regular symmetric key update for B?
Got KEY_CHANGED from A (x.x.x.x port 655) origin B which
other), I guess the routing depends on the host's main routing
table, for specific route it depends on which tinc interface as the "Via"
to determine this?
Guus Sliepen <g...@tinc-vpn.org> wrote on Tue, 22 Aug 2017 at 11:10 PM:
> On Sat, Aug 19, 2017 at 09:21:11AM +0800, Bright Zhao wrote:
>
Great, that's exactly what I have been looking for. Will give it a try.
Guus Sliepen <g...@tinc-vpn.org> wrote on Tue, 22 Aug 2017 at 11:12 PM:
> On Sat, Aug 19, 2017 at 08:09:52AM +0800, Bright Zhao wrote:
>
> > Reason behind that is we have some use cases wouldn’t like to make some
With two tinc networks/daemons, and the same subnet received from the two
daemons, how will tinc choose which one is preferred? And will the weight
settings in each daemon for the subnet be the judge or not?
out for connection to A will be reset?)
Guus Sliepen <g...@tinc-vpn.org> wrote on Sat, 12 Aug 2017 at 5:39 PM:
> On Sat, Aug 12, 2017 at 09:17:10AM +0000, Bright Zhao wrote:
>
> > I noticed the default reconnect for the first time is 5s, if failed the
> > timer will be increased, I would lik
> On Thu, Aug 10, 2017 at 09:37:13PM +0800, Bright Zhao wrote:
>
> > When the meta connection gets lost, it’ll reconnect like below:
> > Trying to re-establish outgoing connection in 5 seconds, and if it
> > fails, then the timer will be increased for another try.
> >
Hi,
When the meta connection gets lost, it’ll reconnect like below:
Trying to re-establish outgoing connection in 5 seconds, and if it fails,
then the timer will be increased for another try.
My question is, how to adjust the reconnect timer, in some cases, the reconnect
delay for a
+1, waiting for this for quite a while.
Paul Chobert wrote on Wed, 26 Jul 2017 at 7:23 PM:
> Hi,
>
> Is there any existing solution to install iOS9 on unjailbroken iOS devices
> ?
>
> If there is none, I'm thinking of porting tinc to iOS, I haven't looked at
> the source code much but I
> wrote:
>
>
>
> On 7/25/17 10:51 PM, Bright Zhao wrote:
>> I can think of running two tinc networks, which are two processes. Other than
>> this, is there any other easier way to make it one network, where B doesn’t
>> advertise the info from one side to the other side?
> Y
any anywhere anywhere
udp dpt:https
The above statement is necessary, or not?
> On 21 Jun 2017, at 8:22 AM, Bright Zhao <startr...@gmail.com> wrote:
>
> Hi, experts
>
> for example, the below case:
>
> You can see a lot of back and f
Hi, experts
for example, the below case:
You can see a lot of back and forth MTU probe packets being exchanged between
tinc nodes, but it’s weird that, from the debug log, one line shows “No
response to MTU probes from node1”, but it indeed received a lot of MTU probe
responses, and finally it
I get it, you’re right. It’s out of VPN’s scope, VPN should focus on efficiency.
> On 18 Jun 2017, at 9:49 PM, hvjunk <hvj...@gmail.com> wrote:
>
>>
>> On 18 Jun 2017, at 15:44 , Bright Zhao <startr...@gmail.com
>> <mailto:startr...@gmail.com>> w
Normally, if the tinc server’s MTU discovery response can reach the tinc client
side, they always can negotiate with a certain MTU size, but the case is,
sometimes, the client sends various sizes of MTU probe packets to the server,
but the server never responds.
Sometimes, if I change the client
If the concern is more about reliability instead of throughput, should I
add TCPonly = yes in the host configuration to make the VPN run on TCP?
No matter 1.0 or 1.1? Just trying to double check, because I see tincd only
runs top at 100% on a multicore CPU.
Hi, All
Here is the case:
A, B, C, D all configured with “IndirectData = yes”, so connection only happens
when there’s a “ConnectTo” in tinc.conf.
Arrows indicate the “ConnectTo” direction
Everything worked fine earlier as below:
1. A connect to C, D connect to C
2. C is the transit node where
in/ifconfig myvpn 10.0.0.1 netmask 255.255.255.0
> On 26 May 2017, at 6:03 PM, Guus Sliepen <g...@tinc-vpn.org> wrote:
>
> On Fri, May 26, 2017 at 09:30:44AM +0800, Bright Zhao wrote:
>
>> For some routing rotation purposes, I use crontab to add the info below:
>>
Hi, All
For some routing rotation purposes, I use crontab to add the info below:
0 * * * * echo Subnet = 54.169.128.0/17 >> /etc/tinc/myvpn/hosts/aws_sgp
0 * * * * echo Subnet = 54.169.0.0/17 >> /etc/tinc/myvpn/hosts/aws_sgp
1 * * * * /usr/sbin/tincd -n myvpn -k
1 * * * * /usr/sbin/tincd -n myvpn
I mean, if I changed pingtimeout in tinc.conf, will -kHUP force tinc to
re-read that parameter and put it into effect? If not, are there any other ways
to make it effective other than killing the process?
for tinc 1.0.
Hi, Guus
I encountered the log messages below: after tinc runs for a while, it seems
box1 begins to buffer traffic to abc, and box1 is behind a firewall, connecting
to abc from the firewall’s inside to outside, and abc is on the public internet.
Normally the major traffic is actually from abc to
Hi, experts
I found the tun0 is 10Mb/s and I installed vnstat to monitor the tinc vpn
traffic statistics, but due to 10Mb/s, vnstat couldn’t update its database
due to the low speed rate, so is there any way to change the tun from 10Mb/s
to higher?
[root@box1 ~]# vnstat -u
Info: Traffic rate for "myvpn"
to
forward(if direct not possible, and same hops to the destination)?
4. When will 1.1 be released as the official version?
Sent from iPhone
> On 11 May 2017, at 2:02 AM, Guus Sliepen <g...@tinc-vpn.org> wrote:
>
>> On Wed, May 10, 2017 at 03:41:46PM +0800, Bright Zhao wrote:
>>
Will the later one be unable to get onto the tinc domain, or may either one get
disconnected?
I may give a try later to validate this.
Sent from iPhone
> On 11 May 2017, at 1:46 AM, Guus Sliepen <g...@tinc-vpn.org> wrote:
>
>> On Tue, May 09, 2017 at 05:28:43PM +0800, Bright Zhao wrote:
>
Hi, tinc experts
abc to def at x.x.x.x port 655 options d weight 540
How is the 540 weight calculated? What does it mean? How can I leverage
this weight?
Does the d after options mean direct?
ot work on Windows.
>
> Both of these are in the tinc manual
> (http://tinc-vpn.org/documentation/tinc.pdf
> <http://tinc-vpn.org/documentation/tinc.pdf>).
> From: tinc [mailto:tinc-boun...@tinc-vpn.org] On Behalf Of Bright Zhao
> Sent: Saturday, May 6, 2
I mean exactly the same configuration, including the pub-pri key.
Sent from iPhone
1. Are there any tools/commands with which we can show the subnets a certain
tinc node has learnt? So that I can know the weight for a certain subnet (in
real time), instead of going back to the configuration file of the node (which
advertises the subnet) to check.
2. So far in order to change the weight of a
Hi, All
Two remote tinc nodes(A, B) advertised the same route to the Tinc domain, and
the local tinc node(C) has two ConnectTo to point to those two remote nodes,
and I found, and let’s assume connection from C to A is better than C to B
(better latency from ping) :
1. when two remote nodes
.
> On 4 May 2017, at 12:15 AM, Guus Sliepen <g...@tinc-vpn.org> wrote:
>
> On Wed, May 03, 2017 at 02:15:36PM +0800, Bright Zhao wrote:
>
>> 1. The destination of IPv4 wouldn’t be changed, Yes I agree, that’s the goal
>> and final destination for the communicatio
pn.org> wrote:
>
> On Tue, May 02, 2017 at 08:46:45PM +0800, Bright Zhao wrote:
>
>> For the multi-tenancy use case, should I use multiple netnames
>> (/etc/tinc/tenant1, /etc/tinc/tenant2/, etc.) for the network, so that even
>> different tenants have overlap
/www.tinc-vpn.org/examples/redirect-gateway/
<https://www.tinc-vpn.org/examples/redirect-gateway/>
> On 3 May 2017, at 12:36 AM, Guus Sliepen <g...@tinc-vpn.org> wrote:
>
> On Tue, May 02, 2017 at 09:53:15PM +0800, Bright Zhao wrote:
>
>> When tinc daemon get up
as possible), that’s
why I turned on IndirectData = yes so that tunnels are only formed under a
ConnectTo statement.
Earlier, my understanding was that everything follows the route table, but
according to the case below, sometimes it doesn’t.
> On 2 May 2017, at 9:53 PM, Bright Zhao <startr...@gmail.com>
, but it isn’t.
Is above right?
> On 2 May 2017, at 6:33 PM, Lars Kruse <li...@sumpfralle.de> wrote:
>
> Hello,
>
>
> On Tue, 2 May 2017 09:16:53 +0800,
> Bright Zhao <startr...@gmail.com> wrote:
>
>> [..]
>> Since A have both ConnectTo to B and C(To D thro
ing / technical
intro for tinc besides the documentation part from tinc-vpn.org?
> On 2 May 2017, at 1:43 PM, Guus Sliepen <g...@tinc-vpn.org> wrote:
>
> On Tue, May 02, 2017 at 09:16:53AM +0800, Bright Zhao wrote:
>
>> In this case, A's traffic route to Internet is go throu
Hi, Tinc expert
If there’re multiple tinc nodes announcing a default route in their host
configuration with Subnet = 0.0.0.0/0, how do the remaining nodes select
which is the best route to get out?
All of them participate in the same tinc net.
I did some tests, like A as the branch, B,C,D as the
n
> encrypted VLAN.
>
>
>
> On 05/01/2017 12:00 PM, Bright Zhao wrote:
>> Hi, Tinc experts
>>
>> Diagram as below, A is trying to access host X behind C:
>>
>> A >> B >> C — “host X”
>>
>> B is the tinc server fo
also dropped.
> On 1 May 2017, at 6:33 PM, Etienne Dechamps <etie...@edechamps.fr> wrote:
>
> Yes. Look up the "IndirectData" configuration option.
>
> On 1 May 2017 at 11:30, Bright Zhao <startr...@gmail.com
> <mailto:startr...@gmail.com>> wrote:
>
nVPN or other "point-to-point" VPN solutions. tinc's purpose
> is to build a reliable, self-routing VPN out of a large mesh network of
> nodes; it makes little sense to use it for simple point-to-point connections.
>
> On 30 April 2017 at 00:53, Bright Zhao <startr...@gmai
from A’s routing table, or
manually block the connection between A and C)
> On 1 May 2017, at 6:28 PM, Bright Zhao <startr...@gmail.com> wrote:
>
> Hi, Etienne
>
> Exactly, I just did the test, remove the Subnet = X/32 from B, so I
> understood that the Subnet on host c
ngs to C, and that
> any packets meant for X should therefore be sent to C.
>
> These packets will then be sent directly to C using UDP (tinc is clever and
> will try various NAT traversal techniques). If that's not possible for any
> reason, tinc will automatically fall back to
Hi, Tinc experts
Diagram as below, A is trying to access host X behind C:
A >> B >> C — “host X”
B is the tinc server for A, but also B is the tinc client to connect to C.
My question is, if I only use one VPN (/etc/tinc/myvpn), then the host
configuration for B will be tricky.
As the tinc
ng for incoming
> connections(both tcp and udp), if A have exposed its listening ports, a
> direct connection will be tried to build between the nodes, otherwise it will
> go from the intermediate node.
>
> --
> Narcissus Emi
> Date: 1 May 2017 15:12:16, Bright Zhao (startr...@gmai
>
> --
> Narcissus Emi
> Date: 1 May 2017 14:15:14, Bright Zhao (startr...@gmail.com
> <mailto:startr...@gmail.com>) wrote:
>
>> Hi, Tinc Expert
>>
>> in my tinc.conf, the ConnectTo to host X is commented, like below:
>>
>> #ConnectTo = X
in the tinc.conf is
connection by sequence which is a failover mechanism, instead of “connect them
all”? But multiple netnames can do the “connect them all”
--
Bright Zhao sent from Gmail