Asymmetric routing and firewalls dropping UDP packets

Guus Sliepen guus at tinc-vpn.org
Tue Sep 8 12:46:08 CEST 2015


On Mon, Sep 07, 2015 at 12:43:24PM -0400, Daniel J. Grinkevich wrote:

> We are running tinc (v. 1.0.26) in switch mode with bmx6 (another mesh
> protocol) running on top of the tap0 interface on about 25 devices.  The
> asymmetric routing of UDP packets is causing my firewall and I presume
> others to drop some of the packets, since there are no outbound SYN packets
> originating from the device running tinc.  Is there any way to mitigate
> this issue besides enabling tcponly (and not putting the tinc device in the
> dmz)?  tcponly would defeat the purpose of a mesh network.

There is nothing tinc can do here. Either make sure you don't do
asymmetric routing, or change your firewall rules to not do stateful
filtering of TCP connections.

Why do you have asymmetric routing?

-- 
Met vriendelijke groet / with kind regards,
     Guus Sliepen <guus at tinc-vpn.org>
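
Added example, not part of the original message and not tinc or firewall code: a small Python model of the stateful filtering discussed in this thread. It shows why UDP arriving from a mesh peer the node never sent to is dropped, and how a stateless allow rule for the tinc port admits it. The addresses and class names are constructed; port 655 is tinc's default.

```python
"""Constructed simulation of a stateful UDP filter; not tinc or firewall code."""
from typing import NamedTuple

TINC_PORT = 655  # tinc's default port; adjust if the Port option is changed


class Packet(NamedTuple):
    src: str
    sport: int
    dst: str
    dport: int


class StatefulUdpFilter:
    """Tracks outbound UDP flows and admits inbound packets that match one."""

    def __init__(self, stateless_ports=()):
        self.flows = set()                      # (local, lport, remote, rport)
        self.stateless_ports = set(stateless_ports)

    def outbound(self, p: Packet) -> None:
        # An outgoing packet creates the state that a reply must match.
        self.flows.add((p.src, p.sport, p.dst, p.dport))

    def inbound(self, p: Packet) -> bool:
        if p.dport in self.stateless_ports:     # explicit allow rule, no state needed
            return True
        return (p.dst, p.dport, p.src, p.sport) in self.flows


def run(stateless_ports=()):
    fw = StatefulUdpFilter(stateless_ports)
    node = "192.0.2.10"                         # constructed: tinc node behind the firewall
    peer_a, peer_b = "198.51.100.1", "203.0.113.2"  # constructed mesh peers
    # The node sends only to peer A ...
    fw.outbound(Packet(node, TINC_PORT, peer_a, TINC_PORT))
    # ... but mesh traffic arrives from both A and B (asymmetric path).
    return {
        "from_a": fw.inbound(Packet(peer_a, TINC_PORT, node, TINC_PORT)),
        "from_b": fw.inbound(Packet(peer_b, TINC_PORT, node, TINC_PORT)),
    }


if __name__ == "__main__":
    print("stateful only :", run())
    print("allow udp/655 :", run(stateless_ports={TINC_PORT}))
```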