Hello, i run into trouble using tinc in switch mode. Its a simple setup with 2 hosts. Both running tincd 1.0.4 (Debian testing) Setup host A: Server, does not make connections to host B. The vpn0 interface is part of a Linux bridge, witch is ipv4 configured. Setup host B: Makes connections to host A, beside this its configured similar. Now it seems large packets can not be transmitted. I verified it step by step the way with tcpdump. A ping with a size larger then 1400 byte gets not reassembled in the tincd on host B, no matter witch side i use. On host A i see the fragmented udp packets arrive, assembled to a large ping and show up on the bridge interface. Then those pings gets answered and find there way back to host B nicely. They arrive on host B as udp fragments but then dont show up in the bridge. So it seems host B disassembles the packets to udp but not reassembles them. At least i can see the pings. By the way, it seems the PMTU setting has no affect. I lowered the MTU size to 1400, but udp fragments still have a size of 1524. Any ideas? Thanks, Axel
On Sun, May 14, 2006 at 06:42:01PM +0200, Axel Christiansen wrote:> i run into trouble using tinc in switch mode. > Its a simple setup with 2 hosts.[...]> Now it seems large packets can not be transmitted. > I verified it step by step the way with tcpdump. > A ping with a size larger then 1400 byte gets not > reassembled in the tincd on host B, no matter witch > side i use. > > On host A i see the fragmented udp packets arrive, > assembled to a large ping and show up on the bridge > interface. Then those pings gets answered and find > there way back to host B nicely. They arrive on host > B as udp fragments but then dont show up in the bridge. > > So it seems host B disassembles the packets to udp > but not reassembles them. At least i can see the pings. > > By the way, it seems the PMTU setting has no affect. I lowered > the MTU size to 1400, but udp fragments still have a size > of 1524.How did you change the MTU? Using the PMTU configuration option or by setting it with ifconfig? Did you try the PMTUDiscovery option? Ping is not UDP but ICMP. But in any case, fragmentation is handled at the IP layer. Is the DF (dont fragment) bit set on the packets you are sending? -- Met vriendelijke groet / with kind regards, Guus Sliepen <guus@sliepen.eu.org> -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: Digital signature Url : http://brouwer.uvt.nl/pipermail/tinc/attachments/20060515/941052bf/attachment.pgp