How to diagnostic UDP discovery failed situation

Guus Sliepen guus at tinc-vpn.org
Thu Jun 22 20:07:57 CEST 2017


On Wed, Jun 21, 2017 at 09:11:47AM +0800, Bright Zhao wrote:

> I found the server (1.1.1.1) didn’t receive the MTU probe from the client, so I added iptables -A INPUT -p udp --dport 443 -j ACCEPT.
> 
> After this, I see one packet matching on the server side, and the MTU negotiation works, but when I tear down tinc and re-establish the tinc connection, the counter for UDP/443 below never increases, and also my other tinc nodes never add this statement to iptables, but they all work well for the MTU negotiation (finally works on UDP)
> 
> pkts bytes target     prot opt in     out     source               destination         
>     1   104 ACCEPT     udp  --  any    any     anywhere             anywhere            udp dpt:https 
> 
> The above statement is necessary, or not?

Yes, if it would otherwise block UDP packets coming in to the server,
you need it to ensure tinc can communicate via UDP.

-- 
Met vriendelijke groet / with kind regards,
     Guus Sliepen <guus at tinc-vpn.org>
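
An added example, not part of the original message or of tinc itself: one way to check whether the INPUT chain "would otherwise block" UDP on the tinc port is to walk the output of `iptables -S INPUT` in order and report the first verdict that applies to an unsolicited UDP packet. The function name, the rule sets and the simplifications listed in the comments are assumptions made for illustration; port 443 is the one used in the thread.

```shell
#!/bin/sh
# Added example (constructed data): would the INPUT chain accept an unsolicited
# UDP packet to PORT? Reads `iptables -S INPUT` output on stdin.
# Simplifications (assumptions): first match wins; rules tied to an interface,
# a source address, or a conntrack state without NEW are skipped; negation,
# port ranges and jumps to user-defined chains are not evaluated.
udp_port_verdict() {
    awk -v port="$1" '
    $1 == "-P" && $2 == "INPUT" { policy = $3; next }
    $1 != "-A" || $2 != "INPUT" { next }
    {
        proto = "all"; dport = ""; target = ""; skip = 0
        for (i = 3; i <= NF; i++) {
            if ($i == "-p") proto = $(i+1)
            else if ($i == "--dport") dport = $(i+1)
            else if ($i == "-j") target = $(i+1)
            else if ($i == "-i" || $i == "-s") skip = 1
            else if (($i == "--ctstate" || $i == "--state") && $(i+1) !~ /NEW/) skip = 1
        }
        if (skip) next
        if (proto != "all" && proto != "udp") next
        if (dport != "" && dport != port) next
        if (target == "ACCEPT" || target == "DROP" || target == "REJECT") {
            print target; found = 1; exit
        }
    }
    END { if (!found) print (policy == "" ? "UNKNOWN" : policy) }
    '
}

# Constructed rule sets (not taken from the original post).
RULES_WITHOUT='-P INPUT DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT'
RULES_WITH="$RULES_WITHOUT
-A INPUT -p udp -m udp --dport 443 -j ACCEPT"
RULES_OPEN='-P INPUT ACCEPT'

# DROP policy without the rule blocks the probe; with the rule it is accepted;
# with an ACCEPT policy the extra rule changes nothing.
printf 'without rule: %s\n' "$(printf '%s\n' "$RULES_WITHOUT" | udp_port_verdict 443)"
printf 'with rule:    %s\n' "$(printf '%s\n' "$RULES_WITH" | udp_port_verdict 443)"
printf 'open policy:  %s\n' "$(printf '%s\n' "$RULES_OPEN" | udp_port_verdict 443)"
```

On a live server the same function can be fed with `iptables -S INPUT | udp_port_verdict 443` (as root).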