How to diagnostic UDP discovery failed situation
Guus Sliepen
guus at tinc-vpn.org
Thu Jun 22 20:07:57 CEST 2017
On Wed, Jun 21, 2017 at 09:11:47AM +0800, Bright Zhao wrote:
> I found the server (1.1.1.1) didn’t receive the MTU probe from the client, so I added iptables -A INPUT -p udp --dport 443 -j ACCEPT.
>
> After this, I see one packet matching on the server side, and the MTU negotiation works, but when I tear down the tinc, and re-establish the tinc connection, the counter of below UDP/443 never increases, and also my other tinc nodes never add this statement on iptables, but they all work well for the MTU negotiation (finally works on UDP)
>
> pkts bytes target prot opt in out source destination
> 1 104 ACCEPT udp -- any any anywhere anywhere udp dpt:https
>
> The above statement is necessary, or not?
Yes, if it would otherwise block UDP packets coming in to the server,
you need it to ensure tinc can communicate via UDP.
--
Met vriendelijke groet / with kind regards,
Guus Sliepen <guus at tinc-vpn.org>