several problems....

Michael Tokarev mjt at tls.msk.ru
Sat May 23 22:50:27 CEST 2009


Hello.

Finally I discovered the mailing lists and subscribed.
Before, I was in #tinc, pinging guus all the time with
various stuff/problems/patches/etc.

So... the problems, in no particular order.

1)
Quite often, after re-starting a client (I run in tunnelserver
mode), no packets are flowing.  Tcpdump shows packets being
sent from client but nothing gets received, and on the server
both send and receive are happening.  Increasing debug level
on client discovers:

May 24 00:15:52 gnome tinc.vpn[2798]: Sending packet of 98 bytes to tls (81.13.33.158 port 655)
May 24 00:15:53 gnome tinc.vpn[2798]: Got unauthenticated packet from tls (81.13.33.158 port 655)

and so on.  That is, the client dislikes packets the server
sends out.

I wasn't able to find any solution to this, EXCEPT *restarting*
the *server*.  Until it happens, there will be entries like that
in log and nothing received, no matter how much client restarting
takes place.

2)
Upgrading client to latest git:

May 24 00:19:32 gnome tinc.vpn[2918]: No minimum MTU established yet for tls (81.13.33.158 port 655), forwarding via TCP
May 24 00:19:32 gnome tinc.vpn[2918]: Sending PACKET to tls (81.13.33.158 port 655): 17 98
May 24 00:19:32 gnome tinc.vpn[2918]: Sending 6 bytes of metadata to tls (81.13.33.158 port 655)
May 24 00:19:32 gnome tinc.vpn[2918]: Sending 98 bytes of metadata to tls (81.13.33.158 port 655)
May 24 00:19:32 gnome tinc.vpn[2918]: Flushing 104 bytes to tls (81.13.33.158 port 655)
May 24 00:19:33 gnome tinc.vpn[2918]: Got packet from tls (81.13.33.158 port 655) but he hasn't got our key yet

this one.. well.. I don't know what it means.
In any case it still does not work.

3)
As far as I can see, 1) is fixed in git.  When no keys are known,
code from git now sends packets over TCP, just like with MTU above.
So far so good.  But as expected, it does not quite work.
Upgrading server to latest git too:

May 24 00:20:12 gnome tinc.vpn[2918]: Sending packet of 98 bytes to tls (81.13.33.158 port 655)
May 24 00:20:12 gnome tinc.vpn[2918]: No valid key known yet for tls (81.13.33.158 port 655), forwarding via TCP
May 24 00:20:12 gnome tinc.vpn[2918]: Sending REQ_KEY to tls (81.13.33.158 port 655): 15 mjt tls
May 24 00:20:12 gnome tinc.vpn[2918]: Sending 11 bytes of metadata to tls (81.13.33.158 port 655)
May 24 00:20:12 gnome tinc.vpn[2918]: Sending PACKET to tls (81.13.33.158 port 655): 17 98
May 24 00:20:12 gnome tinc.vpn[2918]: Sending 6 bytes of metadata to tls (81.13.33.158 port 655)
May 24 00:20:12 gnome tinc.vpn[2918]: Sending 98 bytes of metadata to tls (81.13.33.158 port 655)
May 24 00:20:12 gnome tinc.vpn[2918]: Flushing 115 bytes to tls (81.13.33.158 port 655)
May 24 00:20:13 gnome tinc.vpn[2918]: Got ANS_KEY from tls (81.13.33.158 port 655): 16 tls mjt  91 64 0 11
May 24 00:20:13 gnome tinc.vpn[2918]: Got bad ANS_KEY from tls (81.13.33.158 port 655)
May 24 00:20:13 gnome tinc.vpn[2918]: Error while processing ANS_KEY from tls (81.13.33.158 port 655)
May 24 00:20:13 gnome tinc.vpn[2918]: Closing connection with tls (81.13.33.158 port 655)

oops.

4)
May 24 00:20:26 gnome tinc.vpn[2918]: Node tls (81.13.33.158 port 655) is not reachable
May 24 00:20:26 gnome tinc.vpn[2918]: Flushing event queue
May 24 00:20:26 gnome tinc.vpn[2918]: Trying to connect to tls (81.13.33.158 port 655)
May 24 00:20:26 gnome tinc.vpn[2918]: Cannot open config file /etc/tinc/vpn/hosts/X{<C1>         t<C1>  (^H<C2> h <C2>  : No such file or directory
May 24 00:20:26 gnome tinc.vpn[2918]: No address specified for X{<C1>    t<C1>  (^H<C2> h <C2>
May 24 00:20:27 gnome tinc.vpn[2918]: Connected to tls (81.13.33.158 port 655)
May 24 00:20:27 gnome tinc.vpn[2918]: Sending ID to tls (81.13.33.158 port 655): 0 mjt 17

eh?  This is the "latest git" trying to reconnect to the server after I
restarted the server, in a hope to "fix" that "bad ANS_KEY".  OOPS.

5)
May 24 00:20:33 gnome tinc.vpn[2918]: Sending PING to rgs (212.176.17.70 port 655): 8
May 24 00:20:33 gnome tinc.vpn[2918]: Sending 2 bytes of metadata to rgs (212.176.17.70 port 655)
May 24 00:20:33 gnome tinc.vpn[2918]: Got fatal signal 11 (Segmentation violation)
May 24 00:20:33 gnome tinc.vpn[2918]: Trying to re-execute in 5 seconds...


6)
See #2 again.  It "complains" about MTU.  But hell, this is our lovely MTU
again.  And I fixed, hopefully, mtu for this very client, both on client and
on server:

  PMTU = 1440
  PMTUDiscovery = no

but it says "No MTU is known yet".  It's complete bullshit, it IS known and FIXED
to this very size.  Or should be.  Oh well.

and so on.

I need help fixing at least some of these.  Because with all that, tinc
is absolutely unusable.

Thanks.

/mjt
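
An added example, not part of the original post and not tinc's own code: a small triage script that counts the failure messages quoted above per peer and flags "No address specified for ..." lines whose node name is malformed, as in item 4. The sample lines are constructed (host1, srv and 192.0.2.1 are placeholders), and the rule that node names contain only letters, digits and underscores is an assumption.

```python
import re
from collections import Counter

# Syslog prefix as in the post: "May 24 00:20:13 gnome tinc.vpn[2918]: <message>"
LINE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) (\S+) (tinc\.[^\[\s]+)\[(\d+)\]: (.*)$")

# Symptom -> pattern over the message part; wording taken from the quoted log lines.
SYMPTOMS = {
    "unauthenticated_packet": re.compile(r"^Got unauthenticated packet from (\S+)"),
    "peer_lacks_our_key": re.compile(r"^Got packet from (\S+) .*hasn't got our key yet"),
    "bad_ans_key": re.compile(r"^Got bad ANS_KEY from (\S+)"),
    "fatal_signal": re.compile(r"^Got fatal signal (\d+)"),
}
NO_ADDRESS = re.compile(r"^No address specified for (.*)$")
# Assumption: a valid node name is letters, digits and underscores only.
VALID_NAME = re.compile(r"^[A-Za-z0-9_]+$")

def triage(lines):
    """Return (Counter keyed by (symptom, subject), list of (pid, bad node name))."""
    counts, bad_names = Counter(), []
    for raw in lines:
        m = LINE.match(raw.rstrip("\n"))
        if not m:
            continue  # not a tinc syslog line
        pid, msg = int(m.group(4)), m.group(5)
        for name, pat in SYMPTOMS.items():
            hit = pat.match(msg)
            if hit:
                counts[(name, hit.group(1))] += 1
        na = NO_ADDRESS.match(msg)
        if na and not VALID_NAME.match(na.group(1)):
            bad_names.append((pid, na.group(1)))
    return counts, bad_names

# Constructed sample input modelled on the messages in the post.
SAMPLE = [
    "May 24 00:15:53 host1 tinc.vpn[2798]: Got unauthenticated packet from srv (192.0.2.1 port 655)",
    "May 24 00:15:54 host1 tinc.vpn[2798]: Got unauthenticated packet from srv (192.0.2.1 port 655)",
    "May 24 00:19:33 host1 tinc.vpn[2918]: Got packet from srv (192.0.2.1 port 655) but he hasn't got our key yet",
    "May 24 00:20:13 host1 tinc.vpn[2918]: Got bad ANS_KEY from srv (192.0.2.1 port 655)",
    "May 24 00:20:26 host1 tinc.vpn[2918]: No address specified for X{\x01 t\x01",
    "May 24 00:20:27 host1 tinc.vpn[2918]: Connected to srv (192.0.2.1 port 655)",
    "May 24 00:20:33 host1 tinc.vpn[2918]: Got fatal signal 11 (Segmentation violation)",
]

if __name__ == "__main__":
    counts, bad = triage(SAMPLE)
    for (symptom, subject), n in sorted(counts.items()):
        print(f"{symptom:24} {subject:8} {n}")
    print("malformed node names:", [(pid, repr(name)) for pid, name in bad])
```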

