Problems with tunnel: Got late or replayed packet, packet is 150 seqs in the future, expiring symmetric keys

Guus Sliepen guus at tinc-vpn.org
Thu Feb 14 17:46:59 CET 2013


On Wed, Feb 13, 2013 at 01:29:56AM +0100, Håvard Rabbe wrote:

> I have some problems with my vpn tunnel. I have 6 nodes in the network.
[...]
> The problem is that I get a bunch of errors in the log like the messages below (logs are attached in the email):
> 
> Got late or replayed packet from JOTPOS ("internal ip" port 655), seqno 68645, last received 68777
> Packet from JOTPOS ("internal ip" port 655) is 150 seqs in the future, dropped (1)
> Expiring symmetric keys
> 
> This results in packet loss and slow speed.
> It's not like this all the time, but the problem comes and goes.

It seems there is a lot of packet loss and/or reordering of packets somewhere
in the network between the nodes. If the packets are reordered too much, tinc's
replay protection mechanism will drop them. You can increase the amount of
reordering tinc can handle using the ReplayWindow option in tinc.conf. In your
case, try setting it to 64.

> The time on all nodes is synced through ntp.

Time synchronisation is not needed for tinc (but it's nice to have anyway).

-- 
Met vriendelijke groet / with kind regards,
     Guus Sliepen <guus at tinc-vpn.org>
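
Added example (not part of the original message and not tinc's source code): a minimal sliding-window replay check in C, run on the sequence numbers from the quoted log, showing why a larger window accepts packets that a smaller one drops. It assumes the window is a bitmap sized in bytes with one bit per packet (16 bytes tracks 128 packets, 64 bytes tracks 512) and that 16 is the default; the names replay_init and replay_check are hypothetical, and resynchronising after repeated far-future packets is left out.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_WIN_BYTES 64            /* largest window this sketch supports */

enum verdict { ACCEPT, LATE_OR_REPLAYED, FAR_FUTURE };

struct replay_state {
    uint32_t next;                  /* highest accepted seqno + 1 */
    uint32_t bits;                  /* window size in packets (bytes * 8) */
    uint8_t seen[MAX_WIN_BYTES];    /* circular bitmap, slot = seqno % bits */
};

/* Constructed starting state: `last` was just received, nothing older seen yet.
 * win_bytes must be between 1 and MAX_WIN_BYTES. */
static void replay_init(struct replay_state *s, unsigned win_bytes, uint32_t last) {
    memset(s, 0, sizeof *s);
    s->bits = win_bytes * 8;
    s->next = last + 1;
}

static enum verdict replay_check(struct replay_state *s, uint32_t seq) {
    uint32_t slot = (seq % s->bits) / 8;
    uint8_t mask = (uint8_t)(1u << (seq % 8));
    if (seq >= s->next) {
        if (seq - s->next >= s->bits)
            return FAR_FUTURE;      /* beyond what the bitmap can track */
        for (uint32_t i = s->next; i != seq; i++)   /* skipped seqnos: not seen */
            s->seen[(i % s->bits) / 8] &= (uint8_t)~(1u << (i % 8));
        s->next = seq + 1;
    } else if (s->next - seq > s->bits || (s->seen[slot] & mask)) {
        return LATE_OR_REPLAYED;    /* fell out of the window, or a duplicate */
    }
    s->seen[slot] |= mask;
    return ACCEPT;
}

int main(void) {
    static const char *name[] = { "accepted", "late or replayed", "far future" };
    unsigned sizes[] = { 16, 64 };  /* window in bytes; 16 is an assumed default */
    for (int i = 0; i < 2; i++) {
        struct replay_state s;
        replay_init(&s, sizes[i], 68777);           /* seqnos from the quoted log */
        printf("window %u bytes: seqno 68645 %s, ", sizes[i], name[replay_check(&s, 68645)]);
        printf("again %s, ", name[replay_check(&s, 68645)]);
        printf("150 ahead %s\n", name[replay_check(&s, s.next + 150)]);
    }
    return 0;
}
```

With the larger window the reordered packet is accepted once, and a second copy of the same sequence number is still rejected, so widening the window trades bitmap memory for reordering tolerance without giving up duplicate detection.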