VPN stablility problems
Michael Munger
michael at highpoweredhelp.com
Tue May 6 13:53:03 CEST 2014
I have to agree with Nick on this one. Were I in your situation, I'd be looking at the router first, it's the only thing in your network common to all the devices except tinc, but tinc has a wide user base, and no one else has chimmed in with a "me too" affirmation of your problem.
Nick Hibma <nick at anywi.com> wrote:
Larry,
Why would it be a tinc issue, if no one else chimes in to report the same problems?
A few more suggestions to help you drill down:
- You have not specified the router’s brand. Is it a cheapo thing that was provided with your Internet connection (like mine: a Fritz.Box with a lousy DNS cache for one)?
- Does the router properly handle long running connections like remote logins? Do a remote desktop connection to another machine on your LAN and see whether that is still around after 2 days. I bet it isn’t.
- You have not specified the router’s brand. Is it a cheapo thing that was provided with your Internet connection (like mine: a Fritz.Box with a lousy DNS cache for one)?
- Have you considered the switches in the path? I have seen weird stuff caused by switches going haywire once in a while and dropping almost all the traffic.
- If you are doing long running TCP connections over a tunnel that is running on TCP for some reason, your connection could at some point get stalled because of MTU problems. Example: If your client is behind a NAT and normally downloads stuff, but occasionally uploads large amounts, you could stall that connection easily if the MTU on the client is too high (it sends a packet that is too large, but does not get notified because of NAT dropping the ICMP packet).
- Why would three different versions of Windows behave different with respect to networking? May I point at a printer spooler locking a document and refusing to delete it, which has been a pain since Windows 95 right through to Windows 7 and perhaps later?
- The fact that none of the tunnelling solutions work sufficiently for you points at your setup.
- Have you run tinc in debug mode, or switched it to debug mode when it stop tunnelling? Guus must be unavailable as he would ask you to do that to figure out what’s going on.
The simplest solution is usually the right one. Write down your assumptions and prove them wrong. If you fail you are probably right.
Nick Hibma
AnyWi Technologies
On 06 May 2014, at 13:22, Larry Smith <lsmith999999 at hotmail.com> wrote:
> Hi Cédric/Nick,
>
> Thanks for the feedback. My network is actually as simple as they come. The problem exists even on two machines running on the same physical LAN (in my house). My router is set up to forward port 655 to one machine on that LAN, and to another port on a second machine. Even in that environment however the connection goes down sometimes. Both those machines are also connected to a remote machine which has the same issue but no more frequently than the machines in my house. I could try debugging things further as you suggested (Nick: I will look into all your suggestions - thanks), but since it's already the simplest set up possible, it should work out-of-the-box (and does normally except for this occasional instability). Since it's affecting three machines all running different versions of Windows (again, two in my house and one remotely), on the surface it seems unlikely to be a Windows problem (why would three different versions of the OS all have the same issue). It's therefore (likely) either a hardware issue or a "tinc" issue. My hardware is normally very stable however so I suspect it's a "tinc" issue (the most likely culprit at this point anyway). I'll try to debug it further to see if I can verify that but I wouldn't think it would (normally) be necessary to check or change any default settings for this to work (let alone any exotic settings). Thanks again.
>
> Regards,
>
> Larry
>
> -----Original Message----- From: Cédric Lemarchand
> Sent: Tuesday, May 6, 2014 1:51 AM
> To: tinc at tinc-vpn.org
> Subject: Re: VPN stablility problems
>
> Help Larry,
>
>> Le 5 mai 2014 à 22:01, Larry Smith <lsmith999999 at hotmail.com> a écrit :
>>
>> I may just have to live with this problem but wanted to gauge the experience of others. Thanks again.
>
> I use Tinc since 4 years now, it links 11 sites at office and, in my context (Linux routers over MPLS networks), it works like a charm and is pretty stable.
> Maybe you should try debugging harder the under layers of your network, or try a simplest configuration (LAN <=> LAN) and see if the issue remains.
>
> Cheers
> _______________________________________________
> tinc mailing list
> tinc at tinc-vpn.org
> http://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc
>
> ---
> This email is free from viruses and malware because avast! Antivirus protection is active.
> http://www.avast.com
>
> _______________________________________________
> tinc mailing list
> tinc at tinc-vpn.org
> http://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc
_______________________________________________
tinc mailing list
tinc at tinc-vpn.org
http://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc
More information about the tinc
mailing list