similar to: MTU issues

Hi, I believe I have found a bug with regard to the LocalDiscovery feature. This is on tinc-1.1pre7 between two Windows nodes. Steps to reproduce: - Get two nodes talking using LocalDiscovery (e.g. put them on the same LAN behind a NAT with no metaconnection to each other) - Make one ping the other. Expected result: - The two nodes should ping each other without any packet loss, hopefully at

I've noticed some inconsistent performance with some of my tunnels and thought I would take some of the spare free time I have over the holidays to try to figure out what the cause of that may be. My environment in this case is my home LAN. Please forgive my use of the terms "server" and "client" in this email, I only use these terms to simply explanation. I statically

Hi all, I have two nodes, connected to a switch, using Tinc 1.1 from git. They connect each other with sptps, and to other nodes in the Internet with old protocol because they have Tinc 1.0. There is no problem with remote nodes, but between my 2 local nodes, they see 1518 PMTU. But local network is 1500 MTU !!! So nodes can ping each other but larger data does not go. test1=sllm1 test2=sllm2

Hi all! I still have never managed to fully wrap my head around how UDP data tunnels can be established between nodes. Everytime I think I understand it, I see something that confuses me again Just now I am seeing the following: I have nodes A, B + C A has everybody's keys and host configuration files. B and C only have A's key, and host config with A's public IP address. B and

Hello, all! I have many questions about tap device architecture. What is a right way to calc mtu on TAP device to avoid fragmentation on real eth device? I suppose TAP MTU = 1500-8(UDP)-20(IP)-18(Ethernet) = 1454. So I'd set 1454 for tap device: "ip link set mtu 1454 dev eth0" I'm not shure about what is the exact size of ethernet frame header, which tap device use in switch

Hello. I've just tested my system that runs dovecot 2.3.4.1 on debian buster with testssl.sh (https://testssl.sh/) and is says: Secure Renegotiation (CVE-2009-3555) not vulnerable (OK) Secure Client-Initiated Renegotiation VULNERABLE (NOT ok), potential DoS threat Is this a configuration or a compilation issue and how to solve it? -- sergio.

Hi Guus, while checking the source code, I stumbled upon PMTU Discovery. I've got a question regarding the process of sending/receiving PMTU packets. As I understand, the packet flow is like this: 1 .Tinc creates a packet with a specific payload length to send it as an PMTU probe. (The data part is just some random bytes.) 2. This packet gets compressed and sent

Hi Keir: [NET] front: Fix features on resume when csum is off When the netfront driver is resumed the features are renegotiated with the backend. However, I forgot take into account the status of the TX checksum setting. When TX checksum is disabled by the user, we cannot enable SG or TSO since both require checksum offload. This patch makes xennet check the checksum setting before

Hello, I don't know who will read this message, but I found this thread: https://www.mail-archive.com/search?l=dovecot at dovecot.org&q=subject:%22Dovecot+2.3.0+TLS%22&o=newest And I'm expected the same issue, I will try to explain to you (english is not my native language, sorry) Since Buster update, so Dovecot update too, I'm not able to connect to my mail server from my

On Thu, Mar 10, 2016 at 12:30 PM, Osiris <dovecot at flut.demon.nl> wrote: > On 09-03-16 13:14, djk wrote: >> On 09/03/16 10:44, Florent B wrote: >>> Hi, >>> >>> I don't see any SSL configuration option in Dovecot to disable >>> "Client-initiated secure renegotiation". >>> >>> It is advised to disable it as it can

Hi Guus, Am Freitag, den 25.09.2015, 09:36 +0200 schrieb Guus Sliepen: > On Fri, Sep 25, 2015 at 08:41:06AM +0200, Marcus Schopen wrote: > > > I'm running some tinc clients behind a NAT (masquerading, Cisco Router) > > connecting to a host outside on a public IP in a different network. The > > tunnels get unstable every few minutes and I see packet loss when > >

Hi, I'm running some tinc clients behind a NAT (masquerading, Cisco Router) connecting to a host outside on a public IP in a different network. The tunnels get unstable every few minutes and I see packet loss when pinging the clients on their internal tunnel IPs from the host side. Before putting the tinc clients behind the NAT they were running on public IPs too (clients and host in

Hello list! I've run into a strange problem today and I was hoping that someone here has seen this before and maybe can give me a hand: I'm using asterisk 1.6.0.22 in this config: (A)PATTON ISDN ->(B) ASTERISK -> (C)PATTON PRI -> PSTN -> (D)OTHER PBX Strange Problem: USER A calls makes a call to a PBX over the PSTN and ends into an IVR. When the user makes a selection and

Dear Guus, while improving the PMTU Discovery algorithm, I found the following behavior in the method "send_udppacket": 1) The code checks, whether the data size is smaller than the MTU, thus if it fits into a single UDP packet. If not, you send the packet via TCP. 2) The data is compressed, changing its size. (Usually, making it smaller, but that's not always

While working on SPTPS UDP relaying I realized that there is one issue I didn't account for, which is that the sending node only knows the PMTU to the first relay node. It doesn't know the PMTU of the entire relay path beyond the first hop, because the relay nodes don't provide their own PMTU information over the metaprotocol. Now, in the legacy protocol this is not really an issue,

Howdy Folks, I've got a 5 node setup here. My server "home" is the primary server that all other servers connect to. The configs on all the servers look like this: # cat /etc/tinc/home/hosts/node1 Subnet = 10.2.0.0/16 Address = 192.168.2.1 <RSA KEY> # cat /etc/tinc/home/hosts/node2 Subnet = 10.3.0.0/16 Address = 192.168.3.1 <RSA KEY> Etc. All the hosts are setup

On 09/03/16 10:44, Florent B wrote: > Hi, > > I don't see any SSL configuration option in Dovecot to disable > "Client-initiated secure renegotiation". > > It is advised to disable it as it can cause DDoS (CVE-2011-1473). > > Is it possible to have this possibility through an SSL option or other ? > > Thank you. > > Florent ssl_protocols = !SSLv3

I'm running Tinc on a Linux machine inside my home network, connecting through a NATing router to a Tinc server out on the Internet. I've noticed that fairly frequently the SSH sessions I leave open (but unused) get aborted with a "Connection reset by peer" message. When I investigated closely, I found that after a period of inactivity my router times out the UDP

On Thu, 7 Nov 2013, Ernst Kratschmer wrote: > Dear openssh developer, > > I want to use a Win7 client with putty to access a Linux host running an > openssh 6.2p2 through a VPN connection. These connection worked relatively > flawless with all versions of openssh up until openssh 6.1p1. Since the > openssh 6.2p2 upgrade the ssh connection fail consistently with a message:

Hi, I've got a relatively simple tinc setup. I've got two "servers" that are on the public internet that act as routers for three "clients" that are behind NATs. Those servers are called aaaaa and bbbbb the clients are xxxxx, yyyyy and zzzzz Unfortunatly the servers have problems accepting a connection from the clients syslog on aaaaa: Sep 29 18:28:58 schuerrer