Updating to Tinc 1.0.14 on Gentoo Linux
Guus Sliepen
guus at tinc-vpn.org
Sun Jun 5 19:12:50 CEST 2011
On Sun, Jun 05, 2011 at 06:41:46PM +0200, ZioPRoTo (Saverio Proto) wrote:
> I notice in my log file I had many entries like this with 1.0.13:
>
> 1307284053 tinc.ninux[15152]: Lost 251 packets from GREG1 (151.28.100.141 port 655)
> 1307284062 tinc.ninux[15152]: Lost 168 packets from GREG1 (151.28.100.141 port 655)
> 1307284072 tinc.ninux[15152]: Lost 146 packets from GREG1 (151.28.100.141 port 655)
>
> where GREG1 is one of my VPN clients. I had similar lines for many
> other clients. I'm running a tincd network of about 60 nodes.
>
> setting ReplayWindow = 0 will help me get rid of this ?
>
> From the change log I don't understand if it is better to have it very
> big or none.
Setting it to 0 will get rid of the log entries, but it does not get rid of the
fact that you have a lot of packet loss. By setting it to 0 you will also
disable protection against replay attacks. So, it is safer to set ReplayWindow
to a large value. Try 64.
> I don't understand how I can have date and time in my log lines
> instead of thos long numbers :) Has it to do with tincd options or
> with syslog options ? However in my /var/log/messages I have standard
> date and time formats :)
> Gentoo runs tincd as follows :
>
> /usr/sbin/tincd --net=ninux --logfile=/var/log/tinc.ninux.log
> --pidfile=/var/run/tinc.ninux.pid
Ah, that is because if you use --logfile, syslog is not used at all. Those long
numbers are "UNIX time" (the number of seconds since 1970-01-01 00:00 UT). I
have been too lazy to have it write time in a human readable format. However, I
do remember someone sending me a patch that does that, so I'll find it and
apply it. However, the --logfile option is more something that is useful when
debugging tinc related issues; it does not work in comination with log rotation
for example. I would recommend removing the --logfile option, and the --pidfile
option also, because it is redundant.
> PS OpenWRT already updated the package repository to Tinc 1.0.14
Great :)
--
Met vriendelijke groet / with kind regards,
Guus Sliepen <guus at tinc-vpn.org>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <http://www.tinc-vpn.org/pipermail/tinc/attachments/20110605/bc086093/attachment.pgp>
More information about the tinc
mailing list