traffic not going through tunnel

Soeren Malchow soeren.malchow at mcon.net
Tue Dec 22 19:00:11 CET 2009


Dear Guus,

no, we were using the latest vesion in Ubuntu Hardy, since it is the current LTS version, we upgraded from the launchpad.net<http://launchpad.net> PPAs


deb http://ppa.launchpad.net/dnjl/ppa/ubuntu YOUR_UBUNTU_VERSION_HERE main
deb-src http://ppa.launchpad.net/dnjl/ppa/ubuntu YOUR_UBUNTU_VERSION_HERE main

and i works immediately after that.

Thanks alot,

Regards
Soeren


On Dec 22, 2009, at 6:34 PM, Guus Sliepen wrote:

On Tue, Dec 22, 2009 at 06:20:53PM +0100, Soeren Malchow wrote:

thank you for your hint, we tried that, it does not work.

On regular basis the VPN works, we discovered something new now and it does not seem to be a problem inside tinc after this discovery,

We have fragmented packets ( UDP )  leaving our external interface, the first fragment reaches the opposite vpn endpoint, the second doesn't. This only happens with very large packets ( the first packet is already 1540 bytes )

17:37:15.602908 IP (tos 0x0, ttl 48, id 41502, offset 0, flags [+], proto UDP (17), length 1500) XXX.XXX.XXX.XXX.1194 > XXX.XXX.XXX.XXX.1194: UDP, length 1540
17:37:15.602930 IP (tos 0x0, ttl 48, id 41502, offset 1480, flags [none], proto UDP (17), length 88) XXX.XXX.XXX.XXX > XXX.XXX.XXX.XXX: udp

An we experience this only in one direction as we can see

We are not sure why this is, but this is the behaviour so far.

Hm, but if PMTUDiscovery is enabled, tinc shoould set the DF bit on outgoing
UDP packets, which should prohibit fragmentation. Just to be sure, are you
using the latest version of tinc (1.0.11)?

--
Met vriendelijke groet / with kind regards,
    Guus Sliepen <guus at tinc-vpn.org<mailto:guus at tinc-vpn.org>>
<signature.asc>_______________________________________________
tinc mailing list
tinc at tinc-vpn.org<mailto:tinc at tinc-vpn.org>
http://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.tinc-vpn.org/pipermail/tinc/attachments/20091222/8915be5f/attachment.htm>


More information about the tinc mailing list