Description of problem:
Tinc (http://www.tinc-vpn.org/) is a popular, cross-distro VPN solution that allows MESH networks. For RedHat family, it is available in Fedora EPEL.
According to documentation, tinc uses port 655 for its VPN interface (http://tinc-vpn.org/documentation/Example-configuration.html), probably both TCP and UDP.
In order to allow its speedy usage on a larger number of systems, including production ones, and smooth usage of firewalld systems, please add:
- a specific, predefined service for it under /usr/lib/firewalld/services/
- appropriate permissions, including SELinux, if necessary
Additional info:
http://www.tinc-vpn.org/documentation-1.1/Technical-information.html#Technical-information
Best regards,
Răzvan
(In reply to Răzvan Sandu from comment #0)
> According to documentation, tinc uses port 655
Yes, looks like that
# grep tinc /etc/services
tinc 655/tcp # TINC
tinc 655/udp # TINC
Added upstream https://git.fedorahosted.org/cgit/firewalld.git/commit/?id=9cd1fb90404dd45fb4cba54a3f26c698ff75a8ab
Thank you very much, that is exactly what we need. Please see also bug #1155972, which is related. Thanks again, Răzvan
firewalld-0.3.13-1.fc21 has been submitted as an update for Fedora 21. https://admin.fedoraproject.org/updates/firewalld-0.3.13-1.fc21
firewalld-0.3.13-1.fc20 has been submitted as an update for Fedora 20. https://admin.fedoraproject.org/updates/firewalld-0.3.13-1.fc20
Package firewalld-0.3.13-1.fc21:
* should fix your issue,
* was pushed to the Fedora 21 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing firewalld-0.3.13-1.fc21'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2014-16322/firewalld-0.3.13-1.fc21
then log in and leave karma (feedback).
firewalld-0.3.13-1.fc20 works but firewalld-0.3.13-1.fc21 isn't installable
firewalld-0.3.13-1.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report.
firewalld-0.3.13-1.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.
Hello,
Tinc VPN daemon (http://www.tinc-vpn.org/) sends/receives packets over 655 UDP. Similar to openvpn.xml, please add the following standard service to firewalld RPM, with appropriate permissions:
<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>tinc</short>
  <description>tinc is a virtual private network (VPN) solution. It is used to create encrypted mesh tunnels between computers. If you plan to provide a VPN service via tinc, enable this option.</description>
  <port protocol="udp" port="655"/>
</service>
Best regards,
Răzvan
Răzvan, it [1] has been there since firewalld-0.3.13. Have you tried that version?
[1] https://git.fedorahosted.org/cgit/firewalld.git/plain/config/services/tinc.xml
Hello and thanks, :) No, I didn't, since I only have production machines here. I am using CentOS and the version of tinc available in Fedora's EPEL. The only correction seems to be that only UDP is needed in the service file, similar to present openvpn.xml one. Thanks again, Răzvan
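Added example, not part of the thread and not firewalld's own code: a Python check that lists the port/protocol pairs a firewalld service file opens and compares them with a required set, which is the TCP-versus-UDP question raised in the comments above. The function names are hypothetical, UDP_ONLY_XML follows the definition proposed in the thread with a shortened description, and BOTH_XML is a constructed variant.

```python
import xml.etree.ElementTree as ET

# /etc/services lines quoted in the thread
ETC_SERVICES = "tinc 655/tcp # TINC\ntinc 655/udp # TINC\n"

# UDP-only definition in the shape proposed in the thread (description shortened)
UDP_ONLY_XML = """<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>tinc</short>
  <description>tinc is a virtual private network (VPN) solution.</description>
  <port protocol="udp" port="655"/>
</service>
"""

# Constructed variant that opens both protocols, for comparison
BOTH_XML = UDP_ONLY_XML.replace(
    '<port protocol="udp" port="655"/>',
    '<port protocol="tcp" port="655"/>\n  <port protocol="udp" port="655"/>')


def service_ports(xml_text):
    """Return the set of (port, protocol) pairs a firewalld service file opens."""
    root = ET.fromstring(xml_text.encode("utf-8"))
    if root.tag != "service":
        raise ValueError("not a firewalld service definition")
    return {(p.get("port"), (p.get("protocol") or "").lower())
            for p in root.findall("port")}


def etc_services_ports(text, name):
    """Return the (port, protocol) pairs /etc/services lists for a service name."""
    pairs = set()
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop the trailing comment
        if len(fields) >= 2 and fields[0] == name and "/" in fields[1]:
            port, proto = fields[1].split("/", 1)
            pairs.add((port, proto.lower()))
    return pairs


def audit(xml_text, required):
    """Compare what the service file opens with what the deployment requires."""
    opened = service_ports(xml_text)
    return {"extra": sorted(opened - required),
            "missing": sorted(required - opened)}


if __name__ == "__main__":
    udp_only = {("655", "udp")}
    print("both vs UDP-only requirement:", audit(BOTH_XML, udp_only))
    print("UDP-only vs /etc/services:",
          audit(UDP_ONLY_XML, etc_services_ports(ETC_SERVICES, "tinc")))
```

Anything reported under "extra" is a port the service definition opens beyond what the deployment needs.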