Problem with more than two Subnets!

Guus Sliepen guus at sliepen.eu.org
Sat Jul 19 10:56:01 CEST 2003 

On Fri, Jul 18, 2003 at 10:59:23PM -0400, Andres Sommerhoff wrote:

> Hello, I successfully built a vpn between two hosts ("main" and
> "iquique") (and its SubNets), but I have problems when I want to add
> another host ("valparaiso"): I get a lot of Duplicates packets
> everywhere and a very slow vpn. I guess that is a routing problem, but
> I have try with a lot of alternatives without result. I have try with
> "switch", "hub" and "router" modes, too. If I turn off one of the
> clients ("iquique" or "valparaiso") the vpn return to the normality. I
> have RH 9.0 and tinc-1.0CVS (The only version that run on RH 9.0) of
> one week ago. Someone has an idea or solution for this? 

You must make sure that all tinc daemons are configured to use the same
mode. The information you sent is a bit contradictory, for instance:

> [root at main /etc/tinc/vpn]# cat tinc.conf
>   Name = main
>   Mode = switch
>   Device=/dev/net/tun
>   PrivateKeyFile = /etc/tinc/vpn/rsa_key.priv
[...]
> [root at main /etc/tinc/vpn]# ifconfig
[...]
>   vpn     Link encap:Point-to-Point Protocol
>           inet addr:10.0.250.1  P-t-P:10.0.250.1  Mask:255.255.0.0
>           UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
>           RX packets:35 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:36 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:10
>           RX bytes:4531 (4.4 Kb)  TX bytes:4246 (4.1 Kb)

If tinc were in switch mode, the vpn interface would never be
Point-to-Point, but Ethernet.

Looking at the setup of your network I'd say you should stick to router
mode. However, all of this doesn't explain why you see duplicate
packets. The packets are not duplicated by tinc, because the TTL is
different, and tinc doesn't alter packets in any way. Could you try to
use tcpdump on various interfaces to look where the duplicates are
created?

-- 
Met vriendelijke groet / with kind regards,
    Guus Sliepen <guus at sliepen.eu.org>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://brouwer.uvt.nl/pipermail/tinc/attachments/20030719/978f75b8/attachment.pgp

More information about the Tinc mailing list