Well this has had me stumped for days now.

For months I've been using tinc in TCPOnly because I always received the unknown host error when using UDP.

On Monday, I set the flag IndirectData = yes in my host files, and removed the TCPOnly line. Initially, everything worked great. My throughput increased from 600KB/sec to 2MB/sec between the sites.

However, I also did some testing with compression settings in the host files. On the first test after setting Compression = 10, I lost full functionality. I can still establish the VPN, and hosts are able to ping between each other, but if I try to transfer a file for example, it will not work.

I removed the Compression line from the hosts files, and went back to the working UDP configuration that gave me 2MB/sec.

However the problem did not go away. I say I think there is an IP/UDP frame size issue because the firewall software I use, SoftPerfect Personal Firewall, is reporting this error in its logs when I try to do something like a file transfer.

I am able to ping between hosts with packet sizes up to 1417 bytes.

I did some testing with setting the PMTU value and setting PMTUDiscover no, however it had no effect.

Both hosts are running Windows XP.

Host files;

Address = argyle.thruhere.net
Port = 8002
IndirectData = yes
# PMTU = 1024
# PMTUDiscovery = no
#TCPOnly = Yes
-----BEGIN RSA PUBLIC KEY-----

Address = nixon.endoftheinternet.org
Port = 8003
IndirectData = yes
# PMTU = 1024
# PMTUDiscovery = no
#TCPOnly = Yes
-----BEGIN RSA PUBLIC KEY-----

tinc.conf for both is very simple;

Name = <Argyle | Nixon>
ConnectTo = <Argyle | Nixon>
Interface = Tinc
Mode = switch
#
#

Thoughts?

Thanks!
Donald

> For months I've been using tinc in TCPOnly because I always received the
> unknown host error when using UDP.
> On Monday, I set the flag IndirectData = yes in my host files, and removed
> the TCPOnly line.

I have a simple rule for using tcponly and indirectdata. If the computer has an external IP, no NAT router between, remove them and use UDP. If you have a NAT router between the tinc server/computer and the internet, use both flags (set yes).

This works for 5 years now :-)

ALBI...

On Thu, Mar 05, 2009 at 07:02:53PM -0500, Donald Pearson wrote:

[...]
> I removed the Compression line from the hosts files, and went back to the
> working UDP configuration that gave me 2MB/sec.
>
> However the problem did not go away. I say I think there is an IP/UDP frame
> size issue because the firewall software I use, SoftPerfect Personal
> Firewall, is reporting this error in its logs when I try to do something
> like a file transfer.
>
> I am able to ping between hosts with packet sizes up to 1417 bytes.
>
> I did some testing with setting the PMTU value and setting PMTUDiscover
> no, however it had no effect.

It seems there is a problem if both PMTUDiscovery and Compression are used. Another problem is that both sides must have PMTUDiscovery = no, otherwise it will still be enabled anyway. Michael Tokarev has also seen this problem.

I'll have a better look at the code and I'll try to reproduce it myself, and see if I can fix it. In the meantime, the workaround is to explicitly disable PMTUDiscovery and Compression.

-- 
Met vriendelijke groet / with kind regards,
Guus Sliepen <guus at tinc-vpn.org>
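
An added example, not part of the thread and not tinc's own code: a small Python check that the workaround from the last reply (PMTUDiscovery explicitly set to no on both sides, Compression disabled) is really active in a pair of host files, where a commented-out line does not count. The function names and sample host files are constructed, and treating a missing Compression line as disabled is an assumption.

```python
import re

# "Variable = Value"; variable names are compared case-insensitively.
_SETTING = re.compile(r"^\s*([A-Za-z]+)\s*=\s*(\S.*?)\s*$")

def parse_host_file(text):
    """Return {lowercased variable: value} for active (uncommented) lines."""
    settings = {}
    for line in text.splitlines():
        if line.startswith("-----BEGIN"):      # public key block: stop parsing
            break
        if line.lstrip().startswith("#"):      # commented-out setting is inactive
            continue
        m = _SETTING.match(line)
        if m:
            settings[m.group(1).lower()] = m.group(2)
    return settings

def check_pair(hosts):
    """hosts maps a node name to its host file text; returns a list of problems."""
    issues = []
    for name, text in hosts.items():
        s = parse_host_file(text)
        if s.get("pmtudiscovery", "").lower() != "no":
            issues.append(f"{name}: PMTUDiscovery is not explicitly set to no")
        # Assumption: an absent Compression line means compression is off.
        if s.get("compression", "0") != "0":
            issues.append(f"{name}: Compression = {s['compression']} is active")
    return issues

# Constructed sample host files (addresses are placeholders).
ARGYLE = """Address = a.example.net
Port = 8002
IndirectData = yes
# PMTUDiscovery = no
Compression = 10
-----BEGIN RSA PUBLIC KEY-----
"""
NIXON = """Address = b.example.net
Port = 8003
IndirectData = yes
PMTUDiscovery = no
-----BEGIN RSA PUBLIC KEY-----
"""

if __name__ == "__main__":
    for issue in check_pair({"Argyle": ARGYLE, "Nixon": NIXON}):
        print(issue)
```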