Packet capture to analysis the tinc connection close

Guus Sliepen guus at tinc-vpn.org
Wed Sep 13 17:13:51 CEST 2017 

On Fri, Sep 08, 2017 at 06:35:41AM +0800, Bright Zhao wrote:

> And, I ran a constant ping from the tinc client’s IP to the tinc server’s IP, it shows, the pings are all successfully back and forth, no any packet loss during the connection drop happens, so will this help to exclude any NAT/firewall cause the connection drop?
> 
> And as you saw from the earlier screen shot, when it happens, it drop all tinc connections, and those connections are for different direction of tinc servesr, and the packet capture is just show one of the connections.
> 
> I do realize the connection drop in the picture happens 10 mins, but the tinc client is direct connect to SP with public routable IP, without any firewall/NAT. Just trying to know if there’s any other reason might cause this?
> 
> And BTW, this type of connection drop is not regularly with pattern, sometimes it happens, sometimes it doesn’t.

Tinc itself wouldn't cause these kind of reconnections. It clearly sees
a timeout, which means it didn't receive a response to its PING packets in
time. Unfortunately, there are two classes of devices that are not
uncommon that could cause this to happen: consumer ADSL/cable modems
tend to have very short timeouts on connections or NAT mappings, and
some providers just randomly drop long-lived connections for various
reasons (mainly because they think you should only browse webpages,
which only requires short-lived TCP connections, which is also easy to
analyze, and they want to discourage VPNs, VoIP et cetera).

But just to be sure, just set up a TCP connection between the two nodes
using netcat or socket for example, send something over that connection
every minute, and see how long it lasts.

You can also try to reduce PingInterval to, say, 30, and see if that
improves anything.

-- 
Met vriendelijke groet / with kind regards,
     Guus Sliepen <guus at tinc-vpn.org>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://www.tinc-vpn.org/pipermail/tinc/attachments/20170913/be6a3eaa/attachment.sig>

More information about the tinc mailing list