similar to: PMTUDiscovery vs ClampMSS

> Currently, i have nodes with PMTUDiscovery =yes and ClampMSS = yes. Hello, these features were introduced in 1.0.13 correct ?? I also understand that the two settings are by default "yes" if not explictly set to "no" in the config file. what may happen if I have a network with mixed versions from 1.0.11 and 1.0.13, where the older daemons do not implement that feature

Aloha! I am new to tinc and I like to figure out my own issues before asking but I am not sure of my next step here. I am not sure if the problem is the VPN configuration or in my network. I will try to be as through as possible. I have two computers that are CentOS with the latest tinc from their respective repositories. Server A is behind a Sophos XG and Server B is behind a Ubiquiti Edge

Hi, I´m using Tinc for several years, but I didn´t fix a performance problem. There a about 20 nodes in this network. Master: 10.0.0.12 (dedicated host in a datacenter, debian, 100mBit port) tinc.conf: Name = TincKnoten12 AddressFamily = ipv4 Interface = tun ProcessPriority=high mode = router #DirectOnly = no Compression=0 PMTUDiscovery = yes #IndirectData = yes #ReplayWindow = 64 #ConnectTo

Am 23.06.2020 08:43, schrieb Luca Bertoncello: And another thing, I discovered right now... > Could you suggest me something to restrict the problem? > Currently, I think the problem can be: > > 1) on Asterisk > 2) on my Gateway/Firewall A couple of years ago I added this entry in my firewall: /sbin/iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS

Hello every one, first time poster, four month shorewaller ;) As the subject states, I''ve been experienced the infamous trouble described in the next excerpt from shorewall.conf # MSS CLAMPING # # Set this variable to "Yes" or "yes" if you want the TCP "Clamp MSS to PMTU" # option. This option is most commonly required when your internet # interface is some

The server has a 1G symmetrical fibre line. It has been speedtested to various local servers to be close to 800-900M. When there is only a single client, there isn't much problem and as soon as the connection is made, the ping time through to tunnel is a respectable 30ms. As soon as a few more clients are connected, ping time degrades to hundreds and sometimes seconds and with dropped packets.

Hi, we are using Tinc in our Freifunk Network in Oldenburg for internode connections over the internet. So Tinc is running on OpenWrt 10.03 on Dlink Dir-300 Routers. We all have enough internet bandwith (1,6 MB/sec and more) but we only get a maximum speed of ~350KB/sec between two tinc nodes because then tinc uses 99% of the cpu. Is it possible to get more Speed with tinc on this machines?

Hi, I upgraded some of my Tinc nodes from 1.0.8 recently and found something strange. All of a sudden, the vpn would not work as a full-mesh. Certain nodes were not contactable. I re-generated my rsa-keys, and checked my configuration. My vpn uses the following in tinc.conf, as I am routing both ipv4 and v6. === name = node1 mode = switch AddressFamily = any PMTU = 1280 PMTUDiscovery = yes

Well this has had me stumped for days now. For months I've been using tinc in TCPOnly because I always received the unknown host error when using UDP. On Monday, i set the flag IndirectData = yes in my host files, and removed the TCPOnly line. Initially, everything worked great. My throughput increased from 600KB/sec to 2MB/sec between the sites. However, I also did some testing with

Hello. I'm living in the country side where the communications are very very poor. My only choice is Satellite connection throw the French company Eurona which uses the network deployed by Skylogicnet. In general the latency is very bad (~800ms) and the network is very unstable. I have been investigating in the ISP routers which are in my path and there are many hops which are done in a

Hi all, I have two nodes, connected to a switch, using Tinc 1.1 from git. They connect each other with sptps, and to other nodes in the Internet with old protocol because they have Tinc 1.0. There is no problem with remote nodes, but between my 2 local nodes, they see 1518 PMTU. But local network is 1500 MTU !!! So nodes can ping each other but larger data does not go. test1=sllm1 test2=sllm2

Hello, all! I have many questions about tap device architecture. What is a right way to calc mtu on TAP device to avoid fragmentation on real eth device? I suppose TAP MTU = 1500-8(UDP)-20(IP)-18(Ethernet) = 1454. So I'd set 1454 for tap device: "ip link set mtu 1454 dev eth0" I'm not shure about what is the exact size of ethernet frame header, which tap device use in switch

Hello! I have 3 PCs - Windows, FreeBSD and Ubuntu. FreeBSD runs as a tinc server as it has a real IP. Ubuntu runs as a tinc client as it has a dynamically changing public IP. Windows has not tinc installed yet. Therefore I use Putty ssh client to ssh to FreeBSD machine (as it has real IP) and then from there I ssh to the Ubuntu box using its virtual IP. The connection establishes well, I can ping

We run tinc in a linux environment in which it sits there waiting for connections from the clients. All clients are configured to only have one ConnectTo which points to this server. We're seeing in the server log that as soon as a client's connection is activated, a whole bunch of "Flushing x bytes to that host would block" is logged and the whole vpn is bogged down and has

Hello, I''m new in the list. I''ve installed Mandrake MNF and it works fine but I''ve a problem in sending emails. Small text mails can go out but bigger ones, with attachements, have problems. My network is formed by Windows workstations and only the firewall is a Linux box. The first simptom is the reaching of ISP''s server time out and then my mail client goes in

While working on SPTPS UDP relaying I realized that there is one issue I didn't account for, which is that the sending node only knows the PMTU to the first relay node. It doesn't know the PMTU of the entire relay path beyond the first hop, because the relay nodes don't provide their own PMTU information over the metaprotocol. Now, in the legacy protocol this is not really an issue,

Clients: Some sites just show the top area not the full page. Some sites cant be reached at all. I think it 90% may be the MTU/MSS problem. But I already have set the shorewall.conf CLAMPMSS=1400 or CLAMPMSS=Yes, but it doest make things good. I would be mad. Anybody helps me would so appreciated! If you want know more info. to diag my problem, I would be please to.

Hello everybody, First a big thanks for tinc-vpn I am still using it next to wireguard and openvpn. I am having a setup where the tinc debian appliance is at 100% cpu load doing about 7.5MB/s. Compression = 9 PMTU = 1400 PMTUDiscovery = yes Cipher = aes-128-cbc How can I pick a cipher that is the fasted for my CPU and don't create a CPU bottleneck at 100%. Kind regards, Jelle de Jong

Hi I have a (bizarre) problem with ssh, which someone has suggested may be down to the MSS value being too high. I know that within Shorewall I can clamp the MSS value to the MTU-40 value, but is there a way I can set MSS to a discreet value? I just want to (dis)prove the MSS theory at the moment (I know it isn''t a real fix). Thanks, Keith

Hello, i run into trouble using tinc in switch mode. Its a simple setup with 2 hosts. Both running tincd 1.0.4 (Debian testing) Setup host A: Server, does not make connections to host B. The vpn0 interface is part of a Linux bridge, witch is ipv4 configured. Setup host B: Makes connections to host A, beside this its configured similar. Now it seems large packets can not be transmitted. I