traffic not going through tunnel
Guus Sliepen
guus at tinc-vpn.org
Tue Dec 22 18:34:22 CET 2009
On Tue, Dec 22, 2009 at 06:20:53PM +0100, Soeren Malchow wrote:
> thank you for your hint, we tried that, it does not work.
>
> On regular basis the VPN works, we discovered something new now and it does not seem to be a problem inside tinc after this discovery,
>
> We have fragmented packets ( UDP ) leaving our external interface, the first fragment reaches the opposite vpn endpoint, the second doesn't. This only happens with very large packets ( the first packet is already 1540 bytes )
>
> 17:37:15.602908 IP (tos 0x0, ttl 48, id 41502, offset 0, flags [+], proto UDP (17), length 1500) XXX.XXX.XXX.XXX.1194 > XXX.XXX.XXX.XXX.1194: UDP, length 1540
> 17:37:15.602930 IP (tos 0x0, ttl 48, id 41502, offset 1480, flags [none], proto UDP (17), length 88) XXX.XXX.XXX.XXX > XXX.XXX.XXX.XXX: udp
>
> An we experience this only in one direction as we can see
>
> We are not sure why this is, but this is the behaviour so far.
Hm, but if PMTUDiscovery is enabled, tinc shoould set the DF bit on outgoing
UDP packets, which should prohibit fragmentation. Just to be sure, are you
using the latest version of tinc (1.0.11)?
--
Met vriendelijke groet / with kind regards,
Guus Sliepen <guus at tinc-vpn.org>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <http://www.tinc-vpn.org/pipermail/tinc/attachments/20091222/ce39bd11/attachment.pgp>
More information about the tinc
mailing list