You might want to try with https://github.com/gsliepen/tinc/pull/120 - that said, this bug probably doesn't explain everything because tinc is supposed to log a message from setup_vpn_in_socket() anyway, but there's no such message in your log. In addition, I really don't see any way the "Received UDP packet from unknown source" message could be logged if the UDP socket isn't functional. On 14 July 2016 at 05:10, Petr Man <petr at madnetwork.org> wrote:> Good morning, > > Here is the log, I don't see anything unusual. I took the same tinc binary > and tried on two other machines and it works fine - binds to 655/UDP > without issues: > udp UNCONN 0 0 *:655 > *:* users:(("tincd",18872,7)) > tcp LISTEN 0 3 *:655 > *:* users:(("tincd",18872,6)) > > > Petr > > On Thu, Jul 14, 2016 at 12:18 AM, Rob Townley <rob.townley at gmail.com> > wrote: > >> Have anything to do with firewall locations, meaning home vs work vs >> public vs lockdown. Probably not it at all. >> On Jul 13, 2016 3:22 PM, "Etienne Dechamps" <etienne at edechamps.fr> wrote: >> >>> That's strange. Can you post a detailed log from the affected node (run >>> tincd -d5 -D), especially the initialization phase? >>> >>> On 13 July 2016 at 16:17, Petr Man <petr at madnetwork.org> wrote: >>> >>>> Dear all, >>>> >>>> I have been successfully running for quite some time a tinc 1.1 network >>>> in switch mode. I recently added a new node, that refuses to communicate >>>> over UDP. >>>> Running "tinc info mynode" from a different box returns: >>>> Reachability: directly with TCP >>>> >>>> It appears that tincd is not listening on UDP port 655 on "mynode". >>>> Running "ss -nlptu | grep tincd": >>>> tcp LISTEN 0 3 *:655 *:* >>>> users:(("tincd",pid=10097,fd=6)) >>>> >>>> In the log there is a large number of these messages: >>>> Received UDP packet from unknown source 123.321.123.321 port 655 >>>> >>>> I am puzzled how is tincd getting the packets if it is not listening on >>>> 655/UDP. >>>> >>>> When I start netcat on the node on port 655/UDP I can see garbage >>>> coming in from the other nodes trying to initiate an UDP connection. >>>> >>>> Would you have any hints where to start debugging this? All machines >>>> are configured the same way and work fine (various linux versions, >>>> windows). This particular box is on Ubuntu Xenial kernel 4.3.5. >>>> >>>> Best, >>>> Petr >>>> >>>> _______________________________________________ >>>> tinc mailing list >>>> tinc at tinc-vpn.org >>>> https://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc >>>> >>>> >>> >>> _______________________________________________ >>> tinc mailing list >>> tinc at tinc-vpn.org >>> https://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc >>> >>> > > _______________________________________________ > tinc mailing list > tinc at tinc-vpn.org > https://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc > >-------------- next part -------------- An HTML attachment was scrubbed... URL: <http://www.tinc-vpn.org/pipermail/tinc/attachments/20160714/0ce81a8d/attachment.html>
Hi Etienne, I tried the patch, no change at all. Attached is a new log and also strace log. There is a FD 7 opened (the UDP socket), used and yet "ss -nlptu" doesn't see it. I have a suspicion now there is something wrong with the distro/kernel. As a test: netcat -ul -p600 ss -nlptu | grep netcat gives me no output... Petr On Thu, Jul 14, 2016 at 8:27 PM, Etienne Dechamps <etienne at edechamps.fr> wrote:> You might want to try with https://github.com/gsliepen/tinc/pull/120 - > that said, this bug probably doesn't explain everything because tinc is > supposed to log a message from setup_vpn_in_socket() anyway, but there's no > such message in your log. In addition, I really don't see any way the > "Received UDP packet from unknown source" message could be logged if the > UDP socket isn't functional. > > > On 14 July 2016 at 05:10, Petr Man <petr at madnetwork.org> wrote: > >> Good morning, >> >> Here is the log, I don't see anything unusual. I took the same tinc >> binary and tried on two other machines and it works fine - binds to 655/UDP >> without issues: >> udp UNCONN 0 0 *:655 >> *:* users:(("tincd",18872,7)) >> tcp LISTEN 0 3 *:655 >> *:* users:(("tincd",18872,6)) >> >> >> Petr >> >> On Thu, Jul 14, 2016 at 12:18 AM, Rob Townley <rob.townley at gmail.com> >> wrote: >> >>> Have anything to do with firewall locations, meaning home vs work vs >>> public vs lockdown. Probably not it at all. >>> On Jul 13, 2016 3:22 PM, "Etienne Dechamps" <etienne at edechamps.fr> >>> wrote: >>> >>>> That's strange. Can you post a detailed log from the affected node (run >>>> tincd -d5 -D), especially the initialization phase? >>>> >>>> On 13 July 2016 at 16:17, Petr Man <petr at madnetwork.org> wrote: >>>> >>>>> Dear all, >>>>> >>>>> I have been successfully running for quite some time a tinc 1.1 >>>>> network in switch mode. I recently added a new node, that refuses to >>>>> communicate over UDP. >>>>> Running "tinc info mynode" from a different box returns: >>>>> Reachability: directly with TCP >>>>> >>>>> It appears that tincd is not listening on UDP port 655 on "mynode". >>>>> Running "ss -nlptu | grep tincd": >>>>> tcp LISTEN 0 3 *:655 *:* >>>>> users:(("tincd",pid=10097,fd=6)) >>>>> >>>>> In the log there is a large number of these messages: >>>>> Received UDP packet from unknown source 123.321.123.321 port 655 >>>>> >>>>> I am puzzled how is tincd getting the packets if it is not listening >>>>> on 655/UDP. >>>>> >>>>> When I start netcat on the node on port 655/UDP I can see garbage >>>>> coming in from the other nodes trying to initiate an UDP connection. >>>>> >>>>> Would you have any hints where to start debugging this? All machines >>>>> are configured the same way and work fine (various linux versions, >>>>> windows). This particular box is on Ubuntu Xenial kernel 4.3.5. >>>>> >>>>> Best, >>>>> Petr >>>>> >>>>> _______________________________________________ >>>>> tinc mailing list >>>>> tinc at tinc-vpn.org >>>>> https://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc >>>>> >>>>> >>>> >>>> _______________________________________________ >>>> tinc mailing list >>>> tinc at tinc-vpn.org >>>> https://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc >>>> >>>> >> >> _______________________________________________ >> tinc mailing list >> tinc at tinc-vpn.org >> https://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc >> >> >-------------- next part -------------- An HTML attachment was scrubbed... URL: <http://www.tinc-vpn.org/pipermail/tinc/attachments/20160715/80874a43/attachment-0001.html> -------------- next part -------------- A non-text attachment was scrubbed... Name: strace.log Type: application/octet-stream Size: 454202 bytes Desc: not available URL: <http://www.tinc-vpn.org/pipermail/tinc/attachments/20160715/80874a43/attachment-0002.obj> -------------- next part -------------- A non-text attachment was scrubbed... Name: tinc.gamevpn.log Type: application/octet-stream Size: 203501 bytes Desc: not available URL: <http://www.tinc-vpn.org/pipermail/tinc/attachments/20160715/80874a43/attachment-0003.obj>
Hi guys, I have now done the obvious - swapped out the kernel. Upgrading to 4.5.7 fixed the problem! udp UNCONN 0 1408 *:655 *:* users:(("tincd",pid=3242,fd=7)) tcp LISTEN 0 3 *:655 *:* users:(("tincd",pid=3242,fd=6)) Thank you very much for your time. Petr On Fri, Jul 15, 2016 at 7:22 AM, Petr Man <petr at madnetwork.org> wrote:> Hi Etienne, > > I tried the patch, no change at all. Attached is a new log and also strace > log. There is a FD 7 opened (the UDP socket), used and yet "ss -nlptu" > doesn't see it. > > I have a suspicion now there is something wrong with the distro/kernel. As > a test: > > netcat -ul -p600 > ss -nlptu | grep netcat > > gives me no output... > > Petr > > On Thu, Jul 14, 2016 at 8:27 PM, Etienne Dechamps <etienne at edechamps.fr> > wrote: > >> You might want to try with https://github.com/gsliepen/tinc/pull/120 - >> that said, this bug probably doesn't explain everything because tinc is >> supposed to log a message from setup_vpn_in_socket() anyway, but there's no >> such message in your log. In addition, I really don't see any way the >> "Received UDP packet from unknown source" message could be logged if the >> UDP socket isn't functional. >> >> >> On 14 July 2016 at 05:10, Petr Man <petr at madnetwork.org> wrote: >> >>> Good morning, >>> >>> Here is the log, I don't see anything unusual. I took the same tinc >>> binary and tried on two other machines and it works fine - binds to 655/UDP >>> without issues: >>> udp UNCONN 0 0 *:655 >>> *:* users:(("tincd",18872,7)) >>> tcp LISTEN 0 3 *:655 >>> *:* users:(("tincd",18872,6)) >>> >>> >>> Petr >>> >>> On Thu, Jul 14, 2016 at 12:18 AM, Rob Townley <rob.townley at gmail.com> >>> wrote: >>> >>>> Have anything to do with firewall locations, meaning home vs work vs >>>> public vs lockdown. Probably not it at all. >>>> On Jul 13, 2016 3:22 PM, "Etienne Dechamps" <etienne at edechamps.fr> >>>> wrote: >>>> >>>>> That's strange. Can you post a detailed log from the affected node >>>>> (run tincd -d5 -D), especially the initialization phase? >>>>> >>>>> On 13 July 2016 at 16:17, Petr Man <petr at madnetwork.org> wrote: >>>>> >>>>>> Dear all, >>>>>> >>>>>> I have been successfully running for quite some time a tinc 1.1 >>>>>> network in switch mode. I recently added a new node, that refuses to >>>>>> communicate over UDP. >>>>>> Running "tinc info mynode" from a different box returns: >>>>>> Reachability: directly with TCP >>>>>> >>>>>> It appears that tincd is not listening on UDP port 655 on "mynode". >>>>>> Running "ss -nlptu | grep tincd": >>>>>> tcp LISTEN 0 3 *:655 *:* >>>>>> users:(("tincd",pid=10097,fd=6)) >>>>>> >>>>>> In the log there is a large number of these messages: >>>>>> Received UDP packet from unknown source 123.321.123.321 port 655 >>>>>> >>>>>> I am puzzled how is tincd getting the packets if it is not listening >>>>>> on 655/UDP. >>>>>> >>>>>> When I start netcat on the node on port 655/UDP I can see garbage >>>>>> coming in from the other nodes trying to initiate an UDP connection. >>>>>> >>>>>> Would you have any hints where to start debugging this? All machines >>>>>> are configured the same way and work fine (various linux versions, >>>>>> windows). This particular box is on Ubuntu Xenial kernel 4.3.5. >>>>>> >>>>>> Best, >>>>>> Petr >>>>>> >>>>>> _______________________________________________ >>>>>> tinc mailing list >>>>>> tinc at tinc-vpn.org >>>>>> https://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc >>>>>> >>>>>> >>>>> >>>>> _______________________________________________ >>>>> tinc mailing list >>>>> tinc at tinc-vpn.org >>>>> https://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc >>>>> >>>>> >>> >>> _______________________________________________ >>> tinc mailing list >>> tinc at tinc-vpn.org >>> https://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc >>> >>> >> >-------------- next part -------------- An HTML attachment was scrubbed... URL: <http://www.tinc-vpn.org/pipermail/tinc/attachments/20160715/6b4882de/attachment.html>