Hi, I've been running tinc for a couple of months and it's great, but I have a periodic problem which maybe you guys can figure out. I operate a 3-node tinc VPN, lets say A, B and C. A / \ B --- C The problem is that after a while, node C can't exchange data with node B. It works fine (ping and other traffic) for about 10 minutes, then fails. Here is some debug output as seen from node C. When the problem occurs: Got late or replayed packet from koneko (84.92.216.214 port 655), seqno 5, last received 40031 Got late or replayed packet from koneko (84.92.216.214 port 655), seqno 6, last received 40031 Got late or replayed packet from koneko (84.92.216.214 port 655), seqno 7, last received 40031 Got late or replayed packet from koneko (84.92.216.214 port 655), seqno 8, last received 40031 (koneko is on the physical LAN of node B) So, the connection times out. If you try and reestablish the connection between C and B: Temporarily setting debug level to 5. Kill me with SIGINT again to go back to level 0. Read packet of 74 bytes from Linux tun/tap device (tun mode) Sending packet of 74 bytes to lleuad (84.92.216.214 port 655) No valid key known yet for lleuad (84.92.216.214 port 655), queueing packet Sending REQ_KEY to lleuad (84.92.216.214 port 4227): 15 athos lleuad Sending 16 bytes of metadata to lleuad (84.92.216.214 port 4227) Got ANS_KEY from lleuad (84.92.216.214 port 4227): 16 lleuad athos 14EDE2A2E4C14F97B3CBF94A388C79C420D6096B29D9F1EB 91 64 4 0 Flushing queue for lleuad (84.92.216.214 port 655) Got REQ_KEY from lleuad (84.92.216.214 port 4227): 15 lleuad athos Sending ANS_KEY to lleuad (84.92.216.214 port 4227): 16 athos lleuad 43D869F952C38107C4DB5997B83A33F99AE5D4B3188E50EF 91 64 4 0 Sending 75 bytes of metadata to lleuad (84.92.216.214 port 4227) Got late or replayed packet from koneko (84.92.216.214 port 655), seqno 1, last received 40031 Connection from 84.92.216.214 port 39706 Sending ID to (null) (84.92.216.214 port 39706): 0 athos 17 Sending 11 bytes of metadata to (null) (84.92.216.214 port 39706) Got ID from (null) (84.92.216.214 port 39706): 0 koneko 17 Sending METAKEY to koneko (84.92.216.214 port 39706): 1 94 64 0 0 AD9F91CC49E4FF565A8048BF97B584B23A44B9915E0D6C38E8998104744DA5F0C4D534B40862DC66DB608AC06BA243866E155C5BDAEABE26995625D644E018942A4635A3491A38E5008F7517635F74A8DBF6EDCC3B9B1433DA54C2CE2236B2163EE6B24C4F04D7EAA881A7B98E63A9D4790803E61D55A4DF94F22742EC2C4E5A Sending 269 bytes of metadata to koneko (84.92.216.214 port 39706) Connection closed by koneko (84.92.216.214 port 39706) Closing connection with koneko (84.92.216.214 port 39706 And it won't work until i restart tincd on node C. This happens no matter what ConnectTo statements exist. Any ideas? Many thanks. Dan
On Mon, Jan 16, 2006 at 09:59:07PM +0000, Dan Ros wrote:> Hi, I've been running tinc for a couple of months and it's great, but I > have a periodic problem which maybe you guys can figure out. I operate a > 3-node tinc VPN, lets say A, B and C. > > A > / \ > B --- C > > The problem is that after a while, node C can't exchange data with node > B. It works fine (ping and other traffic) for about 10 minutes, then > fails. Here is some debug output as seen from node C. > > When the problem occurs: > > Got late or replayed packet from koneko (84.92.216.214 port 655), seqno > 5, last received 40031 > Got late or replayed packet from koneko (84.92.216.214 port 655), seqno > 6, last received 40031 > Got late or replayed packet from koneko (84.92.216.214 port 655), seqno > 7, last received 40031 > Got late or replayed packet from koneko (84.92.216.214 port 655), seqno > 8, last received 40031You sent logs, but can you also send me all configuration files (tinc.conf, hosts/* and tinc-up of all the hosts)?> Sending 75 bytes of metadata to lleuad (84.92.216.214 port 4227) > Got late or replayed packet from koneko (84.92.216.214 port 655), seqno 1, last received 40031Hm, it looks like both lleuad and koneko are on the same IP address. Why is that? Is lleuad masqueraded by koneko? Or are there two tinc daemons running on the same machine? -- Met vriendelijke groet / with kind regards, Guus Sliepen <guus@sliepen.eu.org> -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: Digital signature Url : brouwer.uvt.nl/pipermail/tinc/attachments/20060117/3c0bd952/attachment.pgp