Strange Traffic Problem

shikkc shikkc at kirktis.net
Sun Apr 26 17:11:27 CEST 2015


On 2015-04-24 22:02, Guus Sliepen wrote:
> On Fri, Apr 24, 2015 at 03:08:54AM +0800, shikkc wrote:
> 
>> There is a single box on our tinc mesh which can be pinged from all hosts,
>> but cannot ping any.
> [...]
>> TCPdump on other machines shows no incoming traffic from this box, but
>> TCPdump on this box shows traffic 'exiting' via the tinc tun device. Having
>> tried everything I could conceive of, for some reason I decided to start
>> mucking with packet sizes. pinging with a data size of 26 bytes (total size
>> 34) works perfectly. Any larger size fails.
> 
> Have you tried much larger packet sizes, like 1400? It could be that
> this node's ISP blocks UDP packets with sizes that are commonly used by
> VoIP. Tinc only checks if large UDP packets can be sent, and if so it
> will not detect it when small packets get dropped.

Yes, I have tried this, all larger packet sizes are dropped, including 
jumbos.

> 
> You can also try adding the following to the problematic node's
> tinc.conf:
> 
> TCPOnly = yes
> 

Yes, I've tried this already and removed it because it did not help at all. I 
should have included that doing an 'info' on the node shows that it is 
reachable directly via TCP, so it seems to be doing this regardless of having 
the flag or not.

Some more testing reveals even odder behavior - when the router is set to use 
tinc as its 'default gateway', traffic is sent from it to the central node, 
and the central node and also farther servers reply. However, the problematic 
node never sees these replies. If you'd like example tinc pcap-format dumps I 
can provide those though for obvious reasons I don't want to send them to the 
entire list.

-- 
-shikkc

