Packet capture to analysis the tinc connection close

Bright Zhao startryst at gmail.com
Tue Sep 5 06:27:59 CEST 2017 

Hi, All

Recently, one of my tinc client always suffer connection drop, I was suspect the connection was not stable to cause this issue, and BTW, I’ve set the PingTimeout to 10 seconds already, but this situation still happens a lot sometimes, but when the connection drop happens, the connection recovery pretty fast, normally in a minutes.

In order to deep dive into the cause, or proven the network quality problem, I capture the tcpdump from client to server to see what’s going on.

Client side configure:

tinc.conf:
AddressFamily = ipv4
Name = box2
ProcessPriority = high
PingTimeout = 10
TunnelServer = yes
ConnectTo = abc

box2:
Subnet = 10.0.0.102/32
IndirectData = yes
Port = 8102


Server side configure:

tinc.conf:
Name = abc
AddressFamily = ipv4
PingTimeout = 10

abc:
Address = 47.152.x.x(public address, 172.31.x.x as the private real NIC address)
Subnet = 10.0.0.16/32
Port = 443
IndirectData = yes


As you saw from https://ibb.co/mRyG3a <https://ibb.co/mRyG3a>, the connection get drop and re-establish very frequently, and the one highlighted as yellow, it’s the connection we’ll go into deep dive, which happens on 07:41:35, when you cross check this with https://ibb.co/b740UF <https://ibb.co/b740UF>, you’ll find that event match the packet of 485/486 which is the server side RST packet to close the connection, but let’s move our focus to the packet of 481, which is the packet server(47.52.x.x) send to tinc client to close the connection, which happens at 07:41:27.

Then the below logs are captured from tinc server side that you can see at 07:41:27, the server report it didn’t receive any Ping respond from the client, so that it close the connection, but let’s take a look for the tcpdump from server side, which is the server_tcpdump(in attachment). No.463 packet is the one where server send FIN to tinc client to close the connection at 07:41:27, but the assumption is server didn’t receive any Ping response from client so that the server initiate the closure, but as we see from the screenshot that, the server(172.31.x.x) received and sent couple of packets with tinc client(123.151.x.x) before 07:41:27, which is https://ibb.co/isECbv <https://ibb.co/isECbv>, for example packet of 457~462. So why tinc server believe it doesn’t receive any response from tinc client, but the packet capture shows it had regular communication with tinc client with 10 second. I would like to get to know the cause for this tinc frequent drop issue.

Sep  5 07:41:27 abc tinc.myvpn[8510]: box2 (123.151.x.x port 51402) didn't respond to PING in 10 seconds
Sep  5 07:41:27 abc tinc.myvpn[8510]: Closing connection with box2 (123.151.x.x port 51402)
Sep  5 07:41:40 abc tinc.myvpn[8510]: Connection with box2 (123.151.x.x port 51418) activated


Best Regards

Bright
✉
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.tinc-vpn.org/pipermail/tinc/attachments/20170905/85ed6504/attachment-0001.html>

More information about the tinc mailing list