Can tinc traffic be identified by Deep Packet Inspection?

Roger wenrui at gmail.com
Tue Sep 20 17:25:38 CEST 2011


On Tue, Sep 20, 2011 at 11:07 PM, Guus Sliepen <guus at tinc-vpn.org> wrote:

> On Tue, Sep 20, 2011 at 09:35:13AM +0800, Roger wrote:
>
> > I'm seeing periodic packet loss with tinc (1.0.16). I have 'ReplayWindow = 0'
> > in config, and ping between the hosts is perfect.
>
> Setting ReplayWindow to zero will disable protection against replayed
> packets.
> If you do not set ReplayWindow, what exactly happens with ping between the
> hosts?
>

Thanks for replying. I meant pinging out of the tinc tunnel is perfect, but
pinging in the tinc tunnel has packet loss.

I tried to set 'ReplayWindow' but with no luck -- the packet loss is the same.
So that ruled out the UDP packet reordering problem which 'ReplayWindow'
should fix.

>
> > I suspect the packets are identified and then dropped by the Great
> > Firewall.
> >
> > My question is: can it be identified by DPI? If yes, how should I improve
> > tinc to avoid this?
>
> In principle tinc packets can be identified, if you have seen the initial
> handshake and can associate the UDP packets with it


The initial handshake is described here:
http://tinc-vpn.org/documentation/tinc_6.html#Authentication-protocol . If I
change the protocol in the first 2 steps (ID and METAKEY), replace it with my
own version, and use different UDP ports, maybe it won't be identified.

Roger