X-Git-Url: https://tinc-vpn.org/git/browse?a=blobdiff_plain;f=src%2Fnet_packet.c;h=70b6106bb9acbd59bd83258a9d14fe74a2625a87;hb=b0d80c7f28528c2c8857c5662b4aca779b3184bb;hp=012085e22bf8e9beb40185e11febd90701ede2b1;hpb=3d41e7d71247998b7c4a3dd4eacb93bd3529428d;p=tinc

diff --git a/src/net_packet.c b/src/net_packet.c
index 012085e2..70b6106b 100644
--- a/src/net_packet.c
+++ b/src/net_packet.c
@@ -378,7 +378,7 @@ static void receive_udppacket(node_t *n, vpn_packet_t *inpkt) {
 		return;
 	}
 
-	if(!cipher_active(n->incipher)) {
+	if(!n->status.validkey) {
 		logger(DEBUG_TRAFFIC, LOG_DEBUG, "Got packet from %s (%s) but he hasn't got our key yet", n->name, n->hostname);
 		return;
 	}
@@ -767,7 +767,7 @@ bool send_sptps_data(void *handle, uint8_t type, const char *data, size_t len) {
 
 	/* Send it via TCP if it is a handshake packet, TCPOnly is in use, or this packet is larger than the MTU. */
 
-	if(type >= SPTPS_HANDSHAKE || ((myself->options | to->options) & OPTION_TCPONLY) || (type != PKT_PROBE && len > to->minmtu)) {
+	if(type >= SPTPS_HANDSHAKE || ((myself->options | to->options) & OPTION_TCPONLY) || (type != PKT_PROBE && (len - SPTPS_DATAGRAM_OVERHEAD) > to->minmtu)) {
 		char buf[len * 4 / 3 + 5];
 		b64encode(data, buf, len);
 		/* If no valid key is known yet, send the packets using ANS_KEY requests,
@@ -792,6 +792,8 @@ bool send_sptps_data(void *handle, uint8_t type, const char *data, size_t len) {
 
 	if(sendto(listen_socket[sock].udp.fd, data, len, 0, &sa->sa, SALEN(sa->sa)) < 0 && !sockwouldblock(sockerrno)) {
 		if(sockmsgsize(sockerrno)) {
+			// Compensate for SPTPS overhead
+			len -= SPTPS_DATAGRAM_OVERHEAD;
 			if(to->maxmtu >= len)
 				to->maxmtu = len - 1;
 			if(to->mtu >= len)