very high traffic without any load
Lars Kruse
lists at sumpfralle.de
Sat May 4 02:45:34 CEST 2019
Hello Christopher,
On Fri, 3 May 2019 20:06:54 +0200,
"Christopher Klinge" <Christ.Klinge at web.de> wrote:
> I did some digging, and thus far I could not find any other culprit other
> than tinc itself. The packages that are being sent are addressed directly to
> the other tinc hosts on their vpn addresses. During my latest tests, within
> about 12 seconds 100MB of data were transmitted this way.
Just in order to avoid any misunderstandings:
* you took a look at the traffic *through* the tinc network interface
  (this should be the payload that you expect to see floating through your VPN)
* this traffic uses the internal VPN addresses of your VPN
  (we expect this)
* you are surprised by the amount of traffic

This sounds like a routing issue.
(traffic passing through the VPN that should take a different path)
> At the very beginning, normal connections are being set up and a few ICMP
> neighbor advertisements/solicitations are being exchanged. Next a short TCP
> session was created between the public IP addresses of two of my hosts,
> through the VPN.
What do you mean by "session"? Some http-requests that you are sending
through the VPN? Or something special?
> Warning, wall of text incoming:
> Source Destination Protocol Length Info
> node01-public node04-public TCP 929 tinc(655) → 40690 [PSH, ACK] Seq=1 Ack=1 Win=240 Len=843 TSval=66121145 TSecr=65947641
> node01-public node04-public TCP 1294 tinc(655) → 40690 [ACK] Seq=844 Ack=1 Win=240 Len=1208 TSval=66121145 TSecr=65947641
> [..]
The packets above belong to the tinc connection. They should be routed through
your uplink network interfaces (or whatever is between your tinc peers).
If you really see these packets *within* the tinc network, then it is very
likely that you were adding some routes after establishing the tinc VPN. Maybe
these routes changed the path of the connection between the tinc peers.
Obviously the tinc traffic between the peers may *never* go through the
VPN itself.
Thus you may want to verify that the routes on the tinc peers (while the
VPN is established) meet your expectations. Maybe you want to share these
(obfuscated) routes with us?
(just run "ip route" on both hosts)
Cheers,
Lars
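
The route check suggested in the message above, as an added example that is not part of the original e-mail: it asks the kernel which interface it would use to reach each peer's public address and flags any peer whose tinc transport traffic would enter the VPN interface itself. The interface name `vpn0`, the function names and the sample addresses (documentation ranges) are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: verify that the path to each tinc peer's *public* address
# does not lead into the tinc interface (transport traffic looping into the VPN).

# Constructed samples of the first line of `ip route get <addr>` output.
SAMPLE_OK='203.0.113.4 via 198.51.100.1 dev eth0 src 198.51.100.7 uid 0'
SAMPLE_LOOP='203.0.113.4 dev vpn0 src 10.0.0.1 uid 0'

# Print the outgoing interface named after the "dev" keyword.
# $1: one line of `ip route get` output
route_dev() {
    printf '%s\n' "$1" |
        awk '{ for (i = 1; i < NF; i++) if ($i == "dev") { print $(i + 1); exit } }'
}

# Return 0 if the route avoids the VPN interface, 1 if it goes through it,
# 2 if no interface could be parsed (for example: no route at all).
# $1: VPN interface name (assumed), $2: `ip route get` output for the peer
check_peer_route() {
    dev=$(route_dev "$2")
    [ -n "$dev" ] || return 2
    [ "$dev" != "$1" ]
}

# Live check against the local routing table.
# Usage: check_peers VPN_IFACE PEER_PUBLIC_ADDR...
check_peers() {
    iface=$1; shift
    rc=0
    for addr in "$@"; do
        out=$(ip route get "$addr" 2>/dev/null | head -n 1)
        if check_peer_route "$iface" "$out"; then
            echo "ok:   $addr leaves via $(route_dev "$out")"
        else
            echo "FAIL: $addr is routed via $iface or has no route: $out"
            rc=1
        fi
    done
    return $rc
}

# When called with arguments, run the live check: ./script vpn0 203.0.113.4
[ "$#" -lt 2 ] || check_peers "$@"
```

Run it on each peer while the VPN is established, passing the other peers' public addresses.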