very high traffic without any load

Lars Kruse lists at sumpfralle.de
Sat May 4 02:45:34 CEST 2019


Hello Christopher,


On Fri, 3 May 2019 20:06:54 +0200,
"Christopher Klinge" <Christ.Klinge at web.de> wrote:

> I did some digging, and thus far I could not find any other culprit other
> than tinc itself. The packages that are being sent are addressed directly to
> the other tinc hosts on their vpn addresses. During my latest tests, within
> about 12 seconds 100MB of data were transmitted this way.

Just in order to avoid any misunderstandings:
* you took a look at the traffic *through* the tinc network interface
  (this should be the payload that you expect to see floating through your VPN)
* this traffic uses the internal VPN addresses of your VPN
  (we expect this)
* you are surprised by the amount of traffic

This sounds like a routing issue.
(traffic passing through the VPN that should take a different path)


> At the very beginning, normal connections are being set up and a few ICMP
> neighbor advertisements/solicitations are being exchanged. Next a short TCP
> session was created between the public IP addresses of two of my hosts,
> through the VPN.

What do you mean by "session"? Some http-requests that you are sending
through the VPN? Or something special?


> Warning, wall of text incoming:
> Source                Destination           Protocol Length Info
> node01-public         node04-public         TCP      929    tinc(655) → 40690 [PSH, ACK] Seq=1 Ack=1 Win=240 Len=843 TSval=66121145 TSecr=65947641
> node01-public         node04-public         TCP      1294   tinc(655) → 40690 [ACK] Seq=844 Ack=1 Win=240 Len=1208 TSval=66121145 TSecr=65947641
> [..]

The packets above belong to the tinc connection. They should be routed through
your uplink network interfaces (or whatever is between your tinc peers).

If you really see these packets *within* the tinc network, then it is very
likely that you were adding some routes after establishing the tinc VPN. Maybe
these routes changed the path of the connection between the tinc peers.
Obviously the tinc traffic between the peers may *never* go through the
VPN itself.
Thus you may want to verify that the routes on the tinc peers (while the
VPN is established) meet your expectations. Maybe you want to share these
(obfuscated) routes with us?
(just run "ip route" on both hosts)

Cheers,
Lars
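
The route check suggested in the message above, as an added example that is not part of the original mail: it asks the kernel which interface would carry traffic to each peer's public address and flags any peer that resolves to the VPN interface. The interface name `tinc0` and all addresses are assumptions (constructed documentation addresses).

```shell
#!/bin/sh
# Added example: detect tinc transport traffic being routed into the VPN itself.
# Usage (assumed names): ./check-tinc-routes.sh tinc0 203.0.113.14 203.0.113.15

# Print the outgoing interface named in a line of `ip route get` output.
route_dev() {
    printf '%s\n' "$1" |
        awk '{ for (i = 1; i < NF; i++) if ($i == "dev") { print $(i + 1); exit } }'
}

# Succeed only if the route line names an interface other than the VPN one.
# $1: VPN interface name, $2: first line of `ip route get <peer-public-addr>`
peer_route_ok() {
    dev=$(route_dev "$2")
    [ -n "$dev" ] && [ "$dev" != "$1" ]
}

# Live check: run while the VPN is established, once on every tinc peer.
check_peers() {
    vpn_if=$1
    shift
    rc=0
    for peer in "$@"; do
        line=$(ip route get "$peer" 2>/dev/null | head -n 1)
        if peer_route_ok "$vpn_if" "$line"; then
            echo "ok:    $peer leaves via $(route_dev "$line")"
        elif [ -z "$line" ]; then
            echo "error: no route to $peer"
            rc=1
        else
            echo "LOOP:  $peer would be reached through $vpn_if: $line"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample lines in the format printed by `ip route get`.
SAMPLE_UPLINK='203.0.113.14 via 198.51.100.1 dev eth0 src 198.51.100.11 uid 0'
SAMPLE_VIA_VPN='203.0.113.14 dev tinc0 src 10.20.0.1 uid 0'

# Only touch the live routing table when an interface and peers are given.
if [ "$#" -ge 2 ]; then
    check_peers "$@"
fi
```

A `LOOP` result means a route covering the peer's public address points at the VPN interface, which is the situation described above where tinc's own connection would travel through the tunnel.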

