tinc connections fallout -- solved
Bart Friederichs
plant at chello.nl
Sun Feb 18 23:41:22 CET 2001
Hi,
Thanks for the help on this one, but it seemed the problem was a wrong firewall
rule. It filtered at port 655. Still weird that a connection that wasn't on
that (wrongly filtered) host failed. It seems all data is routed wrongly, we
have to look deeper into that. But for now everything works fine, getting the
network neighboorhood right is the next step ;-)
Bart Friederichs
On Fri, 16 Feb 2001, you wrote:
>
> On Fri, Feb 16, 2001 at 10:11:36AM +0100, Bart Friederichs wrote:
>
> > I restarted the tincd between the 2.2.16 hosts, and nothing happened first.
> > After a while I got this at the listening tincd:
> > Feb 16 10:04:31 ophar dhcpd: fallback_discard: Connection refused
> > Feb 16 10:05:53 ophar tinc.pirnet[21675]: 212.187.121.188 port 655: Connection timed out
> > Feb 16 10:05:53 ophar tinc.pirnet[21675]: Could not set up a meta connection to 212.187.121.188
> > Feb 16 10:05:54 ophar tinc.pirnet[21675]: Bogus data received from unknown (212.187.121.188)
>
> Ehm, I think your syslog does not log every message type to /var/log/syslog or
> whatever file you just copied&pasted this from. I'm missing the startup
> messages and the protocol messages... Could you edit your /etc/syslog.conf to
> log *everything* to a file? You can do this by adding a line like this:
>
> *.* -/var/log/all
>
> > Feb 16 10:05:54 ophar last message repeated 2 times
> > Feb 16 10:06:08 ophar tinc.pirnet[21675]: Writing packet of 74 bytes to tap device
> > Feb 16 10:06:11 ophar tinc.pirnet[21675]: Sending packet of 76 bytes to athos_pir (212.187.121.188)
> > Feb 16 10:06:11 ophar tinc.pirnet[21675]: Writing packet of 66 bytes to tap device
> > Feb 16 10:06:11 ophar tinc.pirnet[21675]: Sending packet of 117 bytes to athos_pir (212.187.121.188)
> > [... this continues even when there is no network activity ... ]
>
> That is very strange... Can you show me the output of ifconfig and route on
> that machine?
>
> > So, it times out, received Bogus data and after that, the link works. There are
> > more strange things happening, when the link between Ophar and Vloch falls out,
> > netstat tells me the Ophar -> Athos link is still there, but I can't send any
> > data to it. Seems like all Ophar -> Athos data is routed over Vloch (Ophar,
> > Athos and Vloch are the three hosts that are connected to eachother, as you
> > might already guessed ;))
>
> What kind of links or data are you talking about now?
>
> > Is it possible that the circular way in which the VPN is set up (ophar connects
> > to athos, athos connects to vloch and vloch connects to ophar) might cause
> > this? Also, there is one tincd running that both listens and connects, over one
> > tap device.
>
> That should not be a problem, tinc will prevent loops from happening.
>
> > > Only if your network is really slow should you be meddling with PingTimeouts,
> > > but do try.
> > Is 15kByte slow? Both ophar and athos are on chello.nl links, which have 15kB
> > max. upstream.
>
> Yes, chello is slow :) But are you getting ping timeout messages in the syslog?
>
> -------------------------------------------
> Met vriendelijke groet / with kind regards,
> Guus Sliepen <guus at sliepen.warande.net>
> -------------------------------------------
> See also: http://tinc.nl.linux.org/
> http://www.kernelbench.org/
> -------------------------------------------
>
----------------------------------------
Content-Type: application/pgp-signature; name="unnamed"
Content-Transfer-Encoding: 7bit
Content-Description:
----------------------------------------
--
-----------------------------------------------------------------------
The internet is a too slow way of doing things you'd never do without it.
Bart Friederichs, 1998
-------------------------------------------------------------------------
-
Tinc: Discussion list about the tinc VPN daemon
Archive: http://mail.nl.linux.org/lists/
Tinc site: http://ftp.nl.linux.org/pub/linux/tinc/
More information about the Tinc
mailing list