traffic not going through tunnel
Guus Sliepen
guus at tinc-vpn.org
Tue Dec 22 17:16:43 CET 2009
On Tue, Dec 22, 2009 at 05:07:10PM +0100, Soeren Malchow wrote:
> we have a very strange problem,
>
> - we have 3 VPN endpoints
> - all are in one NETWORK
> - all daemons come up and connect without any problem and normally we have no problem working through the VPN
>
> but in some cases the connection does not work because the traffic leaves the TAP interface on one VPN endpoint but never arrives on the other end, the similarities between the packages seem to be
>
> - the packages are 1500 bytes long ( lower MTU does not solve the problem )
> - the packages have no checksum
> 16:26:25.982932 IP (tos 0x0, ttl 127, id 19831, offset 0, flags [DF], proto TCP (6), length 1500) XXX.XXX.XXX.XXX.443 > XXX.XXX.XXX.XXX.51285: . 512:1960(1448) ack 1200 win 64163 <nop,nop,timestamp 249076008 754904913>
>
> does anyone even have a suggestion where to look, we have no further ideas how to solve that
Do you use Mode = switch? If so, try adding PMTUDiscovery = yes to the host config files.
--
Met vriendelijke groet / with kind regards,
Guus Sliepen <guus at tinc-vpn.org>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <http://www.tinc-vpn.org/pipermail/tinc/attachments/20091222/c60b1b9a/attachment.pgp>
More information about the tinc
mailing list