ping: Bad Code: 6
Jeff Pyle
kg8iu at qsl.net
Mon Dec 8 18:57:58 CET 2003
The entire problem was iptables-related. Adding a rule to blindly allow
input from the tinc interface solved it. Thanks for your assistance.
- Jeff
Guus Sliepen wrote:
>On Mon, Dec 01, 2003 at 10:02:09AM -0500, Jeff Pyle wrote:
>
>
>
>>Still experimenting with the automesh function. In the midst of that, I
>>encountered a new problem.
>>
>>Of the 6 linux boxes in my tinc VPN, 3 were RedHat 9, 1 was Suse 9 Pro,
>>1 was Fedora Core 1, and one was RedHat 8.0. All was well. They were
>>running a mix of the static binary and locally compiled-from-source
>>binaries. I updated two of the RedHat 9 boxes to Fedora Core 1, about 3
>>days apart. After the first update, no problem with the tinc tunnels.
>>Now, after the second, there is. The two boxes I've updated cannot talk
>>directly to each other through the tunnels. When I try to ping, I get
>>Bad Code: 6. I can't figure out what that means.
>>
>>
>
>The standard ping command on Linux is a little bit retarded, and doesn't
>know about some very valid ICMP codes, instead claims they are "Bad".
>Code 6 means: destination net unknown. It is generated by tinc if you
>try to send packets to an IP address for which no Subnet is known.
>Either because there really is no such Subnet specified, or because the
>tinc daemon which owns that Subnet is not running.
>
>You can do "tincd -n <netname> -kusr2" to let tinc log a list of all
>Subnets it knows about.
>
>
>
>>It seems that I can
>>get from one linux host to machines on the LAN behind the second linux
>>host, but ping times reveal it's not going straight through (automesh
>>problem again). I have ConnectTo statements for all boxes on all
>>boxes. Exactly the same config and hosts files worked just fine before
>>I redid the boxes.
>>
>>
>
>I wouldn't trust ping times, use tcpdump or increase tinc's logging
>verbosity to see if the packets really go straight or not. For example,
>start tinc with "tincd -n <netname> -d5 -D".
>
>
>
Tinc: Discussion list about the tinc VPN daemon
Archive: http://mail.nl.linux.org/lists/
Tinc site: http://tinc.nl.linux.org/
More information about the Tinc
mailing list