You might want to try with https://github.com/gsliepen/tinc/pull/120 - that said, this bug probably doesn't explain everything because tinc is supposed to log a message from setup_vpn_in_socket() anyway, but there's no such message in your log. In addition, I really don't see any way the "Received UDP packet from unknown source" message could be logged if the UDP socket isn't functional. On 14 July 2016 at 05:10, Petr Man <petr at madnetwork.org> wrote:> Good morning, > > Here is the log, I don't see anything unusual. I took the same tinc binary > and tried on two other machines and it works fine - binds to 655/UDP > without issues: > udp UNCONN 0 0 *:655 > *:* users:(("tincd",18872,7)) > tcp LISTEN 0 3 *:655 > *:* users:(("tincd",18872,6)) > > > Petr > > On Thu, Jul 14, 2016 at 12:18 AM, Rob Townley <rob.townley at gmail.com> > wrote: > >> Have anything to do with firewall locations, meaning home vs work vs >> public vs lockdown. Probably not it at all. >> On Jul 13, 2016 3:22 PM, "Etienne Dechamps" <etienne at edechamps.fr> wrote: >> >>> That's strange. Can you post a detailed log from the affected node (run >>> tincd -d5 -D), especially the initialization phase? >>> >>> On 13 July 2016 at 16:17, Petr Man <petr at madnetwork.org> wrote: >>> >>>> Dear all, >>>> >>>> I have been successfully running for quite some time a tinc 1.1 network >>>> in switch mode. I recently added a new node, that refuses to communicate >>>> over UDP. >>>> Running "tinc info mynode" from a different box returns: >>>> Reachability: directly with TCP >>>> >>>> It appears that tincd is not listening on UDP port 655 on "mynode". >>>> Running "ss -nlptu | grep tincd": >>>> tcp LISTEN 0 3 *:655 *:* >>>> users:(("tincd",pid=10097,fd=6)) >>>> >>>> In the log there is a large number of these messages: >>>> Received UDP packet from unknown source 123.321.123.321 port 655 >>>> >>>> I am puzzled how is tincd getting the packets if it is not listening on >>>> 655/UDP. >>>> >>>> When I start netcat on the node on port 655/UDP I can see garbage >>>> coming in from the other nodes trying to initiate an UDP connection. >>>> >>>> Would you have any hints where to start debugging this? All machines >>>> are configured the same way and work fine (various linux versions, >>>> windows). This particular box is on Ubuntu Xenial kernel 4.3.5. >>>> >>>> Best, >>>> Petr >>>> >>>> _______________________________________________ >>>> tinc mailing list >>>> tinc at tinc-vpn.org >>>> https://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc >>>> >>>> >>> >>> _______________________________________________ >>> tinc mailing list >>> tinc at tinc-vpn.org >>> https://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc >>> >>> > > _______________________________________________ > tinc mailing list > tinc at tinc-vpn.org > https://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc > >-------------- next part -------------- An HTML attachment was scrubbed... URL: <http://www.tinc-vpn.org/pipermail/tinc/attachments/20160714/0ce81a8d/attachment.html>
Hi Etienne, I tried the patch, no change at all. Attached is a new log and also strace log. There is a FD 7 opened (the UDP socket), used and yet "ss -nlptu" doesn't see it. I have a suspicion now there is something wrong with the distro/kernel. As a test: netcat -ul -p600 ss -nlptu | grep netcat gives me no output... Petr On Thu, Jul 14, 2016 at 8:27 PM, Etienne Dechamps <etienne at edechamps.fr> wrote:> You might want to try with https://github.com/gsliepen/tinc/pull/120 - > that said, this bug probably doesn't explain everything because tinc is > supposed to log a message from setup_vpn_in_socket() anyway, but there's no > such message in your log. In addition, I really don't see any way the > "Received UDP packet from unknown source" message could be logged if the > UDP socket isn't functional. > > > On 14 July 2016 at 05:10, Petr Man <petr at madnetwork.org> wrote: > >> Good morning, >> >> Here is the log, I don't see anything unusual. I took the same tinc >> binary and tried on two other machines and it works fine - binds to 655/UDP >> without issues: >> udp UNCONN 0 0 *:655 >> *:* users:(("tincd",18872,7)) >> tcp LISTEN 0 3 *:655 >> *:* users:(("tincd",18872,6)) >> >> >> Petr >> >> On Thu, Jul 14, 2016 at 12:18 AM, Rob Townley <rob.townley at gmail.com> >> wrote: >> >>> Have anything to do with firewall locations, meaning home vs work vs >>> public vs lockdown. Probably not it at all. >>> On Jul 13, 2016 3:22 PM, "Etienne Dechamps" <etienne at edechamps.fr> >>> wrote: >>> >>>> That's strange. Can you post a detailed log from the affected node (run >>>> tincd -d5 -D), especially the initialization phase? >>>> >>>> On 13 July 2016 at 16:17, Petr Man <petr at madnetwork.org> wrote: >>>> >>>>> Dear all, >>>>> >>>>> I have been successfully running for quite some time a tinc 1.1 >>>>> network in switch mode. I recently added a new node, that refuses to >>>>> communicate over UDP. >>>>> Running "tinc info mynode" from a different box returns: >>>>> Reachability: directly with TCP >>>>> >>>>> It appears that tincd is not listening on UDP port 655 on "mynode". >>>>> Running "ss -nlptu | grep tincd": >>>>> tcp LISTEN 0 3 *:655 *:* >>>>> users:(("tincd",pid=10097,fd=6)) >>>>> >>>>> In the log there is a large number of these messages: >>>>> Received UDP packet from unknown source 123.321.123.321 port 655 >>>>> >>>>> I am puzzled how is tincd getting the packets if it is not listening >>>>> on 655/UDP. >>>>> >>>>> When I start netcat on the node on port 655/UDP I can see garbage >>>>> coming in from the other nodes trying to initiate an UDP connection. >>>>> >>>>> Would you have any hints where to start debugging this? All machines >>>>> are configured the same way and work fine (various linux versions, >>>>> windows). This particular box is on Ubuntu Xenial kernel 4.3.5. >>>>> >>>>> Best, >>>>> Petr >>>>> >>>>> _______________________________________________ >>>>> tinc mailing list >>>>> tinc at tinc-vpn.org >>>>> https://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc >>>>> >>>>> >>>> >>>> _______________________________________________ >>>> tinc mailing list >>>> tinc at tinc-vpn.org >>>> https://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc >>>> >>>> >> >> _______________________________________________ >> tinc mailing list >> tinc at tinc-vpn.org >> https://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc >> >> >-------------- next part -------------- An HTML attachment was scrubbed... URL: <http://www.tinc-vpn.org/pipermail/tinc/attachments/20160715/80874a43/attachment-0001.html> -------------- next part -------------- A non-text attachment was scrubbed... Name: strace.log Type: application/octet-stream Size: 454202 bytes Desc: not available URL: <http://www.tinc-vpn.org/pipermail/tinc/attachments/20160715/80874a43/attachment-0002.obj> -------------- next part -------------- A non-text attachment was scrubbed... Name: tinc.gamevpn.log Type: application/octet-stream Size: 203501 bytes Desc: not available URL: <http://www.tinc-vpn.org/pipermail/tinc/attachments/20160715/80874a43/attachment-0003.obj>
Hi guys,
I have now done the obvious - swapped out the kernel. Upgrading to 4.5.7
fixed the problem!
udp UNCONN 0 1408 *:655 *:*
users:(("tincd",pid=3242,fd=7))
tcp LISTEN 0 3 *:655 *:*
users:(("tincd",pid=3242,fd=6))
Thank you very much for your time.
Petr
On Fri, Jul 15, 2016 at 7:22 AM, Petr Man <petr at madnetwork.org> wrote:
> Hi Etienne,
>
> I tried the patch, no change at all. Attached is a new log and also strace
> log. There is a FD 7 opened (the UDP socket), used and yet "ss
-nlptu"
> doesn't see it.
>
> I have a suspicion now there is something wrong with the distro/kernel. As
> a test:
>
> netcat -ul -p600
> ss -nlptu | grep netcat
>
> gives me no output...
>
> Petr
>
> On Thu, Jul 14, 2016 at 8:27 PM, Etienne Dechamps <etienne at
edechamps.fr>
> wrote:
>
>> You might want to try with https://github.com/gsliepen/tinc/pull/120 -
>> that said, this bug probably doesn't explain everything because
tinc is
>> supposed to log a message from setup_vpn_in_socket() anyway, but
there's no
>> such message in your log. In addition, I really don't see any way
the
>> "Received UDP packet from unknown source" message could be
logged if the
>> UDP socket isn't functional.
>>
>>
>> On 14 July 2016 at 05:10, Petr Man <petr at madnetwork.org>
wrote:
>>
>>> Good morning,
>>>
>>> Here is the log, I don't see anything unusual. I took the same
tinc
>>> binary and tried on two other machines and it works fine - binds to
655/UDP
>>> without issues:
>>> udp UNCONN 0 0 *:655
>>> *:* users:(("tincd",18872,7))
>>> tcp LISTEN 0 3 *:655
>>> *:* users:(("tincd",18872,6))
>>>
>>>
>>> Petr
>>>
>>> On Thu, Jul 14, 2016 at 12:18 AM, Rob Townley <rob.townley at
gmail.com>
>>> wrote:
>>>
>>>> Have anything to do with firewall locations, meaning home vs
work vs
>>>> public vs lockdown. Probably not it at all.
>>>> On Jul 13, 2016 3:22 PM, "Etienne Dechamps"
<etienne at edechamps.fr>
>>>> wrote:
>>>>
>>>>> That's strange. Can you post a detailed log from the
affected node
>>>>> (run tincd -d5 -D), especially the initialization phase?
>>>>>
>>>>> On 13 July 2016 at 16:17, Petr Man <petr at
madnetwork.org> wrote:
>>>>>
>>>>>> Dear all,
>>>>>>
>>>>>> I have been successfully running for quite some time a
tinc 1.1
>>>>>> network in switch mode. I recently added a new node,
that refuses to
>>>>>> communicate over UDP.
>>>>>> Running "tinc info mynode" from a different
box returns:
>>>>>> Reachability: directly with TCP
>>>>>>
>>>>>> It appears that tincd is not listening on UDP port 655
on "mynode".
>>>>>> Running "ss -nlptu | grep tincd":
>>>>>> tcp LISTEN 0 3 *:655
*:*
>>>>>> users:(("tincd",pid=10097,fd=6))
>>>>>>
>>>>>> In the log there is a large number of these messages:
>>>>>> Received UDP packet from unknown source 123.321.123.321
port 655
>>>>>>
>>>>>> I am puzzled how is tincd getting the packets if it is
not listening
>>>>>> on 655/UDP.
>>>>>>
>>>>>> When I start netcat on the node on port 655/UDP I can
see garbage
>>>>>> coming in from the other nodes trying to initiate an
UDP connection.
>>>>>>
>>>>>> Would you have any hints where to start debugging this?
All machines
>>>>>> are configured the same way and work fine (various
linux versions,
>>>>>> windows). This particular box is on Ubuntu Xenial
kernel 4.3.5.
>>>>>>
>>>>>> Best,
>>>>>> Petr
>>>>>>
>>>>>> _______________________________________________
>>>>>> tinc mailing list
>>>>>> tinc at tinc-vpn.org
>>>>>> https://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc
>>>>>>
>>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> tinc mailing list
>>>>> tinc at tinc-vpn.org
>>>>> https://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc
>>>>>
>>>>>
>>>
>>> _______________________________________________
>>> tinc mailing list
>>> tinc at tinc-vpn.org
>>> https://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc
>>>
>>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://www.tinc-vpn.org/pipermail/tinc/attachments/20160715/6b4882de/attachment.html>