Pavel Georgiev
2008-Feb-29 11:41 UTC
Received UDP packet from unknown source 1.2.3.4 (port 12345)
Hi list,

I have a VPN mesh with ~10 nodes. A recently added node experiences the 'Received UDP packet from unknown source' problem. I read in the FAQ this is probably caused by a NAT rule on either side, but I don't have such rules.

The thing is that the IP in the 'Received UDP packet from unknown source' message is exactly what I have configured. The problem solves itself with time and this is marked in the logs as:

tinc.vpn[25833]: Lost 219 packets from UA_VPN

When the tunnel works, both the source and destination port of the UDP packets is 655, while when I experience the problem the source port of the node that has the problems is 602/601. I ran tcpdump on that node and the packets have exactly that port when they leave the box, so it's not something that gets rewritten on the way to the other node.

Has anyone else experienced this? Both nodes are running Ubuntu 6.06 / tinc 1.0.4 (binary install).
Guus Sliepen
2008-Mar-02 13:56 UTC
Received UDP packet from unknown source 1.2.3.4 (port 12345)
On Fri, Feb 29, 2008 at 01:41:54PM +0200, Pavel Georgiev wrote:

> I have a VPN mesh with ~10 nodes. A recently added node experiences
> the 'Received UDP packet from unknown source' problem. I read in the FAQ this
> is probably caused by a NAT rule on either side, but I don't have such rules.
>
> The thing is that the IP in the 'Received UDP packet from unknown source' message
> is exactly what I have configured. The problem solves itself with time and
> this is marked in the logs as:
>
> tinc.vpn[25833]: Lost 219 packets from UA_VPN
>
> When the tunnel works, both the source and destination port of the UDP packets is
> 655, while when I experience the problem the source port of the node that has
> the problems is 602/601. I ran tcpdump on that node and the packets have
> exactly that port when they leave the box, so it's not something that gets
> rewritten on the way to the other node.

Since tinc only sets up the socket for UDP once, tinc itself never changes the source port. So either there is NAT somewhere (on the network between the nodes or on either the sending or receiving node), or you have a buggy kernel, or a buggy network card/cable/router. If you run tcpdump on the box sending those strange UDP packets, and it already has source port 602/601 there, it's either NAT on that box or a buggy kernel...

--
Met vriendelijke groet / with kind regards,
Guus Sliepen <guus at tinc-vpn.org>
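
An added example, not part of the original thread or of tinc itself: one way to run the check described in the reply above over `tcpdump -n` output captured on the sending node, counting UDP packets sent to the tinc port from any other source port. Port 655 comes from the thread; the sample capture lines and addresses are constructed.

```python
import re
from collections import defaultdict

TINC_PORT = 655  # port both sides use when the tunnel works, per the thread

# Matches `tcpdump -n` UDP lines of the form:
#   <time> IP <src>.<sport> > <dst>.<dport>: UDP, length N
LINE_RE = re.compile(
    r"^\S+ IP (?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+): UDP, length \d+"
)

def unexpected_source_ports(lines, tinc_port=TINC_PORT):
    """Return {(src, dst): {sport: count}} for UDP packets sent to
    tinc_port from a source port other than tinc_port."""
    hits = defaultdict(lambda: defaultdict(int))
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or int(m["dport"]) != tinc_port:
            continue  # not UDP, unparsable, or not tinc traffic
        sport = int(m["sport"])
        if sport != tinc_port:
            hits[(m["src"], m["dst"])][sport] += 1
    return {pair: dict(ports) for pair, ports in hits.items()}

# Constructed capture: normal 655 -> 655 traffic, then the 602/601 symptom,
# plus unrelated UDP and TCP lines that must be ignored.
SAMPLE = """\
11:40:01.000101 IP 192.0.2.10.655 > 198.51.100.20.655: UDP, length 98
11:40:01.020300 IP 198.51.100.20.655 > 192.0.2.10.655: UDP, length 98
11:41:07.500010 IP 192.0.2.10.602 > 198.51.100.20.655: UDP, length 98
11:41:07.600020 IP 192.0.2.10.602 > 198.51.100.20.655: UDP, length 114
11:41:09.100030 IP 192.0.2.10.601 > 198.51.100.20.655: UDP, length 98
11:41:09.200000 IP 192.0.2.10.40001 > 203.0.113.7.4000: UDP, length 40
11:41:10.000000 IP 192.0.2.10.22 > 198.51.100.20.40022: Flags [P.], seq 1:37, ack 1, win 501, length 36
""".splitlines()

if __name__ == "__main__":
    for (src, dst), ports in unexpected_source_ports(SAMPLE).items():
        for sport, count in sorted(ports.items()):
            print(f"{src} -> {dst}:{TINC_PORT} from source port {sport}: {count} packet(s)")
```

Run against a capture taken on the sender, any hits mean the port was already wrong when the packets left that box, which is the case the reply attributes to NAT on that box or a buggy kernel.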