help with tinc unstable state

Michael Drzal mdrzal at gmail.com
Fri Mar 20 15:07:56 CET 2015


I am using tinc to connect together VPCs in AWS across multiple regions and
accounts to provide secure communication.  For the most part, it works
great.  A few times, I have seen issues where something got into an
unstable state that didn't seem to resolve itself.  Shutting down tinc on
all hosts and restarting seemed to do the trick, but I'd like to see if
there is something that I can change with the configuration to mitigate
this.  Here is what the issue looks like when it happens with the
hostnames/ips changed:

Feb 26 07:39:20 host1 [daemon.info] tinc.network[1022]: host2 (1.1.1.1 port 655) could not flush for 9 seconds (324908 bytes remaining)
Feb 26 07:39:20 host1 [daemon.notice] tinc.network[1022]: Closing connection with host2 (1.1.1.1 port 655)
Feb 26 07:39:20 host1 [daemon.err] tinc.network[1022]: Could not set up a meta connection to host2
Feb 26 07:39:20 host1 [daemon.info] tinc.network[1022]: Trying to connect to host2 (1.1.1.1 port 655)
Feb 26 07:39:20 host1 [daemon.info] tinc.network[1022]: Connected to host2 (1.1.1.1 port 655)
Feb 26 07:39:20 host1 [daemon.notice] tinc.network[1022]: Connection with host2 (1.1.1.1 port 655) activated
Feb 26 07:39:20 host1 [daemon.err] tinc.network[1022]: Flushing meta data to host2 (1.1.1.1 port 655) failed: Connection reset by peer
Feb 26 07:39:20 host1 [daemon.notice] tinc.network[1022]: Closing connection with host2 (1.1.1.1 port 655)
Feb 26 07:39:20 host1 [daemon.err] tinc.network[1022]: Could not set up a meta connection to host2
Feb 26 07:39:20 host1 [daemon.info] tinc.network[1022]: Trying to connect to host2 (1.1.1.1 port 655)
Feb 26 07:39:20 host1 [daemon.info] tinc.network[1022]: Connected to host2 (1.1.1.1 port 655)
Feb 26 07:39:20 host1 [daemon.notice] tinc.network[1022]: Connection with host2 (1.1.1.1 port 655) activated
Feb 26 07:39:20 host1 [daemon.info] tinc.network[1022]: host2 (1.1.1.1 port 655) could not flush for 5 seconds (459308 bytes remaining)
Feb 26 07:39:20 host1 [daemon.notice] tinc.network[1022]: Closing connection with host2 (1.1.1.1 port 655)
Feb 26 07:39:20 host1 [daemon.err] tinc.network[1022]: Could not set up a meta connection to host2
Feb 26 07:39:20 host1 [daemon.info] tinc.network[1022]: Trying to connect to host2 (1.1.1.1 port 655)
Feb 26 07:39:20 host1 [daemon.warning] tinc.network[1022]: Timeout from host2 (1.1.1.1 port 655) during authentication
Feb 26 07:39:20 host1 [daemon.err] tinc.network[1022]: Could not set up a meta connection to host2
Feb 26 07:39:20 host1 [daemon.info] tinc.network[1022]: Trying to connect to host2 (1.1.1.1 port 655)
Feb 26 07:39:20 host1 [daemon.info] tinc.network[1022]: Connected to host2 (1.1.1.1 port 655)
Feb 26 07:39:20 host1 [daemon.notice] tinc.network[1022]: Connection with host2 (1.1.1.1 port 655) activated
Feb 26 07:39:20 host1 [daemon.err] tinc.network[1022]: Flushing meta data to host2 (1.1.1.1 port 655) failed: Connection reset by peer

We see this across all of the hosts with no real pattern.  Our main tinc
configuration looks like this:

Name = myname
Device = /dev/net/tun
ConnectTo = host1
ConnectTo = host2
ConnectTo = host3

The per host configs look like:

Subnet = subnet1
Subnet = subnet2
Subnet = subnet3

Address = eip

public_key_info

We are using tinc-1.0.24.  We have roughly 170 hosts running tinc and 907
subnets total.

Please let me know if any other details would help.

Mike
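
One way to detect the reconnect loop shown in the log above, as an added example that is not part of the original post or of tinc: it parses the syslog format from the post, counts meta-connection events per peer and minute, and flags peers whose connection setup fails repeatedly. The event names, function names and the `min_failures` threshold are assumptions; the sample lines are an excerpt from the post.

```python
import re
from collections import Counter, defaultdict
# Excerpt of the log lines in the post above, unwrapped to one event per line.
SAMPLE = """\
Feb 26 07:39:20 host1 [daemon.info] tinc.network[1022]: host2 (1.1.1.1 port 655) could not flush for 9 seconds (324908 bytes remaining)
Feb 26 07:39:20 host1 [daemon.err] tinc.network[1022]: Could not set up a meta connection to host2
Feb 26 07:39:20 host1 [daemon.notice] tinc.network[1022]: Connection with host2 (1.1.1.1 port 655) activated
Feb 26 07:39:20 host1 [daemon.err] tinc.network[1022]: Flushing meta data to host2 (1.1.1.1 port 655) failed: Connection reset by peer
Feb 26 07:39:20 host1 [daemon.err] tinc.network[1022]: Could not set up a meta connection to host2
Feb 26 07:39:20 host1 [daemon.info] tinc.network[1022]: host2 (1.1.1.1 port 655) could not flush for 5 seconds (459308 bytes remaining)
Feb 26 07:39:20 host1 [daemon.warning] tinc.network[1022]: Timeout from host2 (1.1.1.1 port 655) during authentication
Feb 26 07:39:20 host1 [daemon.err] tinc.network[1022]: Could not set up a meta connection to host2
"""

# Syslog prefix as it appears in the post: timestamp, host, [facility.level], tinc.<netname>[pid]
PREFIX = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d):\d\d (\S+) \[\w+\.\w+\] tinc\.[^\[]+\[\d+\]: (.*)$")
EVENTS = {  # assumed event name -> pattern on the message text; group 1 is the peer
    "flush_stall": re.compile(r"^(\S+) \(.*?\) could not flush for \d+ seconds \((\d+) bytes remaining\)"),
    "flush_reset": re.compile(r"^Flushing meta data to (\S+) .*failed: "),
    "auth_timeout": re.compile(r"^Timeout from (\S+) .*during authentication"),
    "setup_failed": re.compile(r"^Could not set up a meta connection to (\S+)"),
    "activated": re.compile(r"^Connection with (\S+) .*activated"),
}

def summarize(text):
    """Count meta-connection events per (minute, local host, peer)."""
    stats = defaultdict(lambda: {"events": Counter(), "max_backlog": 0})
    for line in text.splitlines():
        m = PREFIX.match(line)
        if not m:
            continue  # not a tinc line in this syslog format
        minute, host, msg = m.groups()
        for name, pat in EVENTS.items():
            e = pat.match(msg)
            if e:
                s = stats[(minute, host, e.group(1))]
                s["events"][name] += 1
                if name == "flush_stall":  # track the largest unsent meta backlog
                    s["max_backlog"] = max(s["max_backlog"], int(e.group(2)))
                break
    return dict(stats)

def flapping(stats, min_failures=3):
    """Keys whose meta connection failed min_failures+ times in one minute (assumed threshold)."""
    return sorted(k for k, s in stats.items() if s["events"]["setup_failed"] >= min_failures)

if __name__ == "__main__":
    for key in flapping(summarize(SAMPLE)):
        print("flapping:", key)
```
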