Metadata socket read error

Guus Sliepen guus at tinc-vpn.org
Fri Jun 28 23:41:18 CEST 2013


On Thu, Jun 27, 2013 at 01:49:51PM -0700, Matthew Tolle wrote:

> I've had tinc working great for over a year now. They just made some network
> changes at work and now I'm only able to make a connection for a few
> seconds (30) or so before I get a "Metadata socket read error". I want to
> think that's some kind of firewall timeout thing but I'm not sure. I have no
> control over the FW or network at work so I'm not clear on what they changed.

It sounds like you are behind a NAT and after the changes it forgets
connections very quickly. If it is a cheap modem or router it might not have
enough memory to keep track of all the outgoing connections at your work.

> 2013-06-27 11:22:45 tinc[1166]: Connection from X.X.X.X port 59325
> 2013-06-27 11:22:45 tinc[1166]: Connection with goaway (X.X.X.X port 59325) activated
> 2013-06-27 11:23:08 tinc[1166]: Metadata socket read error for goaway (X.X.X.X port 59325): Connection reset by peer
> 2013-06-27 11:23:08 tinc[1166]: Closing connection with goaway (X.X.X.X port 59325)
> 
> I'm not sure what the Metadata socket read error means. I tried searching it on this list but couldn't find anything that got answered.

It means the other side closed the connection.

> Here are some more logs from the work (goaway) side. Cranky is my home system.
> 
> 2013-06-27 13:36:26 tinc.vpn[1714]: Trying to connect to cranky (Y.Y.Y.Y port 656)
> 2013-06-27 13:36:29 tinc.vpn[1714]: Connected to cranky (Y.Y.Y.Y port 656)
> 2013-06-27 13:36:29 tinc.vpn[1714]: Connection with cranky (Y.Y.Y.Y port 656) activated
> 2013-06-27 13:36:54 tinc.vpn[1714]: Flushing 83 bytes to cranky (Y.Y.Y.Y port 656) would block 
> 2013-06-27 13:36:54 tinc.vpn[1714]: Flushing 181 bytes to cranky (Y.Y.Y.Y port 656) would block 
> 2013-06-27 13:36:54 tinc.vpn[1714]: Flushing 247 bytes to cranky (Y.Y.Y.Y port 656) would block 
[...]

Tinc's own buffers are starting to fill. That means it isn't getting TCP ACK
packets back from the other side. That is consistent with a NAT that has
forgotten about the connection.

> My Linux box will keep connected a great deal longer than my Mac. My Linux
> system will stay online for 10-15m before it dumps me. I've tried running top
> on the remote machine and constantly pinging it to keep traffic flowing.
> Doesn't seem to make a difference. 

Constantly pinging will keep the UDP connection alive, but not the TCP
connection tinc uses for metadata. You could try setting PingInterval to 10,
maybe that helps.

-- 
Met vriendelijke groet / with kind regards,
     Guus Sliepen <guus at tinc-vpn.org>
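
Added example, not part of the original message and not tinc's own code: a small Python script that measures how long each metadata connection lived between "activated" and "Metadata socket read error" in logs like the ones quoted above, and compares that lifetime with a PingInterval value. The function names, and the value 60 for the interval currently in effect, are assumptions made for this illustration.

```python
import re
from datetime import datetime

# Constructed sample: the log lines quoted in the thread, addresses masked as on the page.
SAMPLE_LOG = """\
2013-06-27 11:22:45 tinc[1166]: Connection from X.X.X.X port 59325
2013-06-27 11:22:45 tinc[1166]: Connection with goaway (X.X.X.X port 59325) activated
2013-06-27 11:23:08 tinc[1166]: Metadata socket read error for goaway (X.X.X.X port 59325): Connection reset by peer
2013-06-27 11:23:08 tinc[1166]: Closing connection with goaway (X.X.X.X port 59325)
"""

LINE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) \S+: (.*)$")
ACTIVATED = re.compile(r"^Connection with (\S+) \(.*\) activated$")
READ_ERROR = re.compile(r"^Metadata socket read error for (\S+) \(.*\): (.*)$")


def meta_lifetimes(log_text):
    """Return (peer, seconds_alive, error) for each meta connection that ended in a read error."""
    activated = {}  # peer name -> time its meta connection was activated
    results = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip lines that are not timestamped tinc log entries
        when = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        msg = m.group(2)
        if (a := ACTIVATED.match(msg)):
            activated[a.group(1)] = when
        elif (e := READ_ERROR.match(msg)) and e.group(1) in activated:
            start = activated.pop(e.group(1))
            results.append((e.group(1), int((when - start).total_seconds()), e.group(2)))
    return results


def shorter_than_ping(lifetimes, ping_interval):
    """Peers whose meta connection died before one keepalive interval had elapsed."""
    return [(peer, secs) for peer, secs, _ in lifetimes if secs < ping_interval]


if __name__ == "__main__":
    lifetimes = meta_lifetimes(SAMPLE_LOG)
    for peer, secs, err in lifetimes:
        print(f"{peer}: meta connection lived {secs}s ({err})")
    # 60 is assumed as the PingInterval in effect; 10 is the value suggested in the reply.
    for interval in (60, 10):
        print(f"PingInterval={interval}: {shorter_than_ping(lifetimes, interval)}")
```

A connection that dies before one interval has passed never had a keepalive sent on it, which is the situation the suggested lower PingInterval is meant to change.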