"Invalid KEX record length" during SPTPS key regeneration and related issues
Etienne Dechamps
etienne at edechamps.fr
Sun May 17 22:26:58 CEST 2015
On 17 May 2015 at 21:16, Guus Sliepen <guus at tinc-vpn.org> wrote:
>> >> The legacy protocol doesn't have that problem because KEY_CHANGED is a
>> >> broadcast message - meaning it can't really get lost.
>> >
>> > Actually, it can just as well, although it is very unlikely to happen
>> > that a broadcast message can get lost, and even less likely that this
>> > happens right when a KEY_CHANGED message gets sent.
>>
>> That's interesting, can you explain how you see a broadcast message
>> getting lost?
>
> When a node has a single metaconnection that has stopped working, but it
> hasn't detected that yet, and when before it detects that it has failed,
> has made a second metaconnection. Then, as far as the VPN is concerned,
> that node has never been unreachable, but a KEY_CHANGED message sent
> during that small window will be lost.
Ah, indeed. Thanks for that clarification.
More information about the tinc-devel
mailing list