tinc-pre* between gentoo and raspbian

Mathias mathiaswe at gmx.de
Fri Dec 6 13:15:57 CET 2019 

Dear all,
I have a bit of a complicated tinc setup yielding weird results that I
cannot explain. I would be glad if maybe someone here could help me out.

I have 3 machines (with IP addresses in my tinc network)
machine A (10.0.0.2) runs gentoo, tinc-1.1_pre17, behind router Y
machine B (10.0.0.3) runs gentoo, tinc-1.1pre15, behind router X
machine C (10.0.0.1) runs raspbian, tinc-1.1pre15, behind router X
router X is set to forward 655 to (C) and 24000 to (B)

Now, my problem is that, from (A) I cannot use any services of (C).
Here's what I can and cannot do:
1) from machine (A), I can ping both (B) and (C)
2) nmap from (A) to (C) shows all open ports correctly
3) nc from (A) cannot establish a connection to any port of (C)
4) nc from (A) can access all services of (B) correctly
5) nc from (B) can access all services of (C) correctly

connections are (tinc -n <netname> dump connections)
(A): (C) at <IP of X> port 655 options 700000c socket 14 status 100
(B): (C) at <IP of X> port 655 options 700000c socket 13 status 100
(C): (B) at <IP of X> port 34998 options 700000c socket 12 status 100
     (A) at <IP of Y> port 32820 options 700000c socket 9 status 100

tshark capture on (A) of "curl 10.0.0.1" from (A)
>     1 0.000000000     10.0.0.2 → 10.0.0.1     TCP 60 46736 → 80 [SYN] Seq=0 Win=64240 Len=0 MSS=1460 SACK_PERM=1 TSval=3299780639 TSecr=0 WS=128
>     2 0.039290163     10.0.0.1 → 10.0.0.2     TCP 60 80 → 46736 [SYN, ACK] Seq=0 Ack=1 Win=28960 Len=0 MSS=1385 SACK_PERM=1 TSval=3219761779 TSecr=3299780639 WS=64
>     3 0.039333808     10.0.0.2 → 10.0.0.1     TCP 52 46736 → 80 [ACK] Seq=1 Ack=1 Win=64256 Len=0 TSval=3299780678 TSecr=3219761779
>     4 0.039510768     10.0.0.2 → 10.0.0.1     HTTP 124 GET / HTTP/1.1
>     5 0.072584019     10.0.0.1 → 10.0.0.2     TCP 52 80 → 46736 [ACK] Seq=1 Ack=73 Win=28992 Len=0 TSval=3219761814 TSecr=3299780679
>     6 5.089388544     10.0.0.1 → 10.0.0.2     TCP 52 [TCP Previous segment not captured] 80 → 46736 [FIN, ACK] Seq=522 Ack=73 Win=28992 Len=0 TSval=3219766827 TSecr=3299780679
>     7 5.089412034     10.0.0.2 → 10.0.0.1     TCP 64 [TCP Dup ACK 3#1] 46736 → 80 [ACK] Seq=73 Ack=1 Win=64256 Len=0 TSval=3299785728 TSecr=3219761814 SLE=522 SRE=523


tshark capture on (C) of the same "curl 10.0.0.1"
>     1 0.000000000     10.0.0.2 → 10.0.0.1     TCP 60 46736 → 80 [SYN] Seq=0 Win=64240 Len=0 MSS=1385 SACK_PERM=1 TSval=3299780639 TSecr=0 WS=128
>     2 0.000236995     10.0.0.1 → 10.0.0.2     TCP 60 80 → 46736 [SYN, ACK] Seq=0 Ack=1 Win=28960 Len=0 MSS=1460 SACK_PERM=1 TSval=3219761779 TSecr=3299780639 WS=64
>     3 0.034262240     10.0.0.2 → 10.0.0.1     TCP 52 46736 → 80 [ACK] Seq=1 Ack=1 Win=64256 Len=0 TSval=3299780678 TSecr=3219761779
>     4 0.034526234     10.0.0.2 → 10.0.0.1     HTTP 124 GET / HTTP/1.1
>     5 0.034783228     10.0.0.1 → 10.0.0.2     TCP 52 80 → 46736 [ACK] Seq=1 Ack=73 Win=28992 Len=0 TSval=3219761814 TSecr=3299780679
>     6 0.040449102     10.0.0.1 → 10.0.0.2     HTTP 573 HTTP/1.1 301 Moved Permanently  (text/html)
>     7 0.313040054     10.0.0.1 → 10.0.0.2     TCP 573 [TCP Retransmission] 80 → 46736 [PSH, ACK] Seq=1 Ack=73 Win=28992 Len=521 TSval=3219762092 TSecr=3299780679
>     8 5.048481980     10.0.0.1 → 10.0.0.2     TCP 52 80 → 46736 [FIN, ACK] Seq=522 Ack=73 Win=28992 Len=0 TSval=3219766827 TSecr=3299780679
>     9 5.083993192     10.0.0.2 → 10.0.0.1     TCP 64 [TCP Dup ACK 3#1] 46736 → 80 [ACK] Seq=73 Ack=1 Win=64256 Len=0 TSval=3299785728 TSecr=3219761814 SLE=522 SRE=523
>    10 5.084198187     10.0.0.1 → 10.0.0.2     TCP 573 [TCP Retransmission] 80 → 46736 [PSH, ACK] Seq=1 Ack=73 Win=28992 Len=521 TSval=3219766863 TSecr=3299785728
>    11 5.333075665     10.0.0.1 → 10.0.0.2     TCP 573 [TCP Retransmission] 80 → 46736 [PSH, ACK] Seq=1 Ack=73 Win=28992 Len=521 TSval=3219767112 TSecr=3299785728
>    12 5.823118792     10.0.0.1 → 10.0.0.2     TCP 573 [TCP Retransmission] 80 → 46736 [PSH, ACK] Seq=1 Ack=73 Win=28992 Len=521 TSval=3219767602 TSecr=3299785728
>    13 6.863072716     10.0.0.1 → 10.0.0.2     TCP 573 [TCP Retransmission] 80 → 46736 [PSH, ACK] Seq=1 Ack=73 Win=28992 Len=521 TSval=3219768642 TSecr=3299785728
>    14 8.863081338     10.0.0.1 → 10.0.0.2     TCP 573 [TCP Retransmission] 80 → 46736 [PSH, ACK] Seq=1 Ack=73 Win=28992 Len=521 TSval=3219770642 TSecr=3299785728
>    15 12.783077356     10.0.0.1 → 10.0.0.2     TCP 573 [TCP Retransmission] 80 → 46736 [PSH, ACK] Seq=1 Ack=73 Win=28992 Len=521 TSval=3219774562 TSecr=3299785728
>    16 14.143988159          N/A → N/A          N/A 32 Raw packet data
>    17 20.543097166     10.0.0.1 → 10.0.0.2     TCP 573 [TCP Retransmission] 80 → 46736 [PSH, ACK] Seq=1 Ack=73 Win=28992 Len=521 TSval=3219782322 TSecr=3299785728

seems to me that the answer of 10.0.0.1 (machine C) never makes it back
to 10.0.0.2 (machine A).

Observe:
1. (gentoo + 1.15) - (raspbian + 1.15) works
2. (gentoo + 1.17) - (gentoo + 1.15) works
3. (gentoo + 1.17) - (raspbian + 1.15) breaks

Thanks & best regards
-Mathias

More information about the tinc mailing list