Problems with tunnel: Got late or replayed packet, packet is 150 seqs in the future, expiring symmetric keys

Håvard Rabbe hrabbe at me.com
Thu Feb 14 17:54:41 CET 2013


Ok. Thanks for the help. I will try it out, but what does "Expiring symmetric keys" mean?
All nodes can reach each other, but is there something wrong with the keys?

Regards,

Håvard Rabbe

On Feb 14, 2013, at 5:46 PM, Guus Sliepen <guus at tinc-vpn.org> wrote:

> On Wed, Feb 13, 2013 at 01:29:56AM +0100, Håvard Rabbe wrote:
> 
>> I have some problems with my vpn tunnel. I have 6 nodes in the network.
> [...]
>> The problem is that I get a bunch of errors in the log like the messages below (logs are attached in the email):
>> 
>> Got late or replayed packet from JOTPOS ("internal ip" port 655), seqno 68645, last received 68777
>> Packet from JOTPOS ("internal ip" port 655) is 150 seqs in the future, dropped (1)
>> Expiring symmetric keys
>> 
>> This results in packet loss and slow speed.
>> It's not like this all the time, but the problem comes and goes.
> 
> It seems there is a lot of packet loss and/or reordering of packets somewhere
> in the network between the nodes. If the packets are reordered too much, tinc's
> replay protection mechanism will drop them. You can increase the amount of
> reordering tinc can handle using the ReplayWindow option in tinc.conf. In your
> case, try setting it to 64.
> 
>> The time on all nodes is synced through ntp.
> 
> Time synchronisation is not needed for tinc (but it's nice to have anyway).
> 
> -- 
> Met vriendelijke groet / with kind regards,
>     Guus Sliepen <guus at tinc-vpn.org>
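
The replay window behaviour discussed in this thread, as an added example that is not part of the original emails and is not tinc's source code: a simplified sliding-window replay check in C, run on the sequence numbers from the quoted log. It assumes the window is a bitmap of `win_bytes` bytes covering 8 sequence numbers per byte, compared at 16 and 64 bytes; the struct, function and scenario names are hypothetical.

```c
/* Added example: simplified sliding-window replay check (assumed model). */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum verdict { ACCEPT, LATE_OR_REPLAYED, FAR_FUTURE };

struct replay_state {
    uint32_t last;      /* highest sequence number accepted so far */
    unsigned win_bytes; /* bitmap size in bytes; covers win_bytes * 8 packets */
    uint8_t late[64];   /* bit set = seqno was skipped and may still arrive once */
};

static void replay_init(struct replay_state *s, unsigned win_bytes, uint32_t last) {
    memset(s, 0, sizeof *s);
    s->win_bytes = win_bytes;
    s->last = last;
}

static enum verdict replay_check(struct replay_state *s, uint32_t seq) {
    uint32_t span = s->win_bytes * 8;
    uint8_t *slot = &s->late[(seq / 8) % s->win_bytes];
    uint8_t bit = (uint8_t)(1u << (seq % 8));
    if (seq > s->last) {
        if (seq - s->last >= span)
            return FAR_FUTURE;              /* beyond what the bitmap can track */
        for (uint32_t i = s->last + 1; i < seq; i++)
            s->late[(i / 8) % s->win_bytes] |= (uint8_t)(1u << (i % 8)); /* mark gap */
        s->last = seq;
    } else if (s->last - seq >= span || !(*slot & bit)) {
        return LATE_OR_REPLAYED;            /* too old, or already delivered */
    }
    *slot &= (uint8_t)~bit;                 /* this seqno is now used up */
    return ACCEPT;
}

/* Constructed scenario from the log: 68645 is skipped, traffic runs on to
 * 68777, then 68645 shows up late (and optionally a second time). */
static enum verdict late_arrival(unsigned win_bytes, int replay_again) {
    struct replay_state s;
    replay_init(&s, win_bytes, 68644);
    for (uint32_t seq = 68646; seq <= 68777; seq++)
        replay_check(&s, seq);
    enum verdict v = replay_check(&s, 68645);
    return replay_again ? replay_check(&s, 68645) : v;
}

int main(void) {
    printf("16 bytes: %d, 64 bytes: %d, replayed: %d\n", late_arrival(16, 0), late_arrival(64, 0), late_arrival(64, 1));
}
```

With the smaller window the packet that is 132 sequence numbers behind is rejected; with the larger one it is accepted once, and a second copy of it is still rejected as a replay.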


