MTU probes fail on reconnect
Donald Pearson
donaldwhpearson at gmail.com
Sat Jan 1 21:38:39 CET 2011
On Sat, Jan 1, 2011 at 2:47 PM, Guus Sliepen <guus at tinc-vpn.org> wrote:
>
> If MTU probes are not responded to, then yes, tinc will fall back to TCP
> and
> this will increase latency and decrease throughput. It would be interesting
> to
> know why the MTU probes or the responses to them are not received. Perhaps
> you
> can store tinc's debug output (using the --logfile option) and at the same
> time
> run tcpdump on the public network interface to see what is being sent and
> received?
>
Sure I can do that. I'll try to get it done this week.
>
> MTU probes will be attempted again after one hour by default. It is tied to
> the
> session key timeout, so you can let tinc try more often by adding KeyExpire
> =
> 600 to tinc.conf for example. Still, this is suboptimal of course. I will
> change it to keep sending MTU probes every PingInterval, just like it does
> when
> MTU probes did not fail.
>
Ah okay. I definitely didn't observe for an hour.
>
> Hm, that might indicate a bug in tinc. However, I could not reproduce it
> with
> two Linux machines. It could also be a problem with some stateful firewall
> rule
> or a router doing NAT that keeps an old mapping around for 30 seconds.
> > Every time when the MTU probing fails, I see latency between 700 - 1000
> ms
> > with 32 byte pings over a LAN.
>
> That in itself is way too high, but this is a problem many people have seen
> on
> Windows.
>
> Yes, the idea is that tinc should figure out the best way to connect to
> other
> nodes on its own of course. I'll try to reproduce the problem with a node
> running Windows, maybe that makes a difference.
>
Yes this whole thing could very well be related to a Windows client and
perhaps it's related to some of the other complaints I've also seen of other
Windows users report nasty latency.
I will see if I can reproduce the effect with a Linux client too.
-Donald
>
> --
> Met vriendelijke groet / with kind regards,
> Guus Sliepen <guus at tinc-vpn.org>
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.10 (GNU/Linux)
>
> iEYEARECAAYFAk0fhM0ACgkQAxLow12M2nvkMwCfcojnEMNqaTuBp1B7dDI3ymT8
> ILsAnjGeAyn6QMCykwbX/rNGebQwzfCc
> =hODH
> -----END PGP SIGNATURE-----
>
> _______________________________________________
> tinc mailing list
> tinc at tinc-vpn.org
> http://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.tinc-vpn.org/pipermail/tinc/attachments/20110101/5790c741/attachment.htm>
More information about the tinc
mailing list