no connectivity to some hosts behind tinc for the first few seconds
Tomasz Chmielewski
mangoo at wpkg.org
Tue Feb 21 08:39:19 CET 2017
On 2017-02-21 12:38, Tomasz Chmielewski wrote:
> I have the following tinc setup:
>
> client -- tinc DC1 -- tinc DC2 -- 10.1.2.0/24 subnet
>
>
> It generally works well, however, there is one issue I'm not able to
> solve: *sometimes*, connectivity to *some* destinations does not work
> for the first few seconds.

I was able to reproduce it reliably in the following simplified
scenario:

tinc DC1 -- tinc DC2 -- MASQUERADE -- 10.1.2.3 (webserver)

Script to reproduce (it tries to fetch the URL for 5 seconds, exits if
it fails):
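
#!/bin/bash
# With "set -e" the script stops at the first curl that fails or times out.
set -e
i=1
while true ; do
    echo "Run number $i"
    # -s: silent, -m 5: give up after 5 seconds
    curl -s -m 5 10.1.2.3/XXXXXXXX >/dev/null
    echo $?
    i=$((i+1))
done
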
Usually, it will break after about 30 iterations.

"time curl -s -m 5 10.1.2.3/XXXXXXXX" takes around 0.2-0.3 secs to
execute - so 5 seconds should be enough time.

tshark shows "TCP Spurious Retransmission" for cases where curl is not
able to fetch any data.

Both tinc servers are running Ubuntu 16.04 (64 bit) with tinc 1.0.26.

DC1 is in Europe (Hetzner); DC2 is in USA (Amazon AWS).

What's interesting, I don't have these timeouts when I replace tinc with
openvpn.

Any help appreciated!

Tomasz Chmielewski
https://lxadm.com