secnet-0.6.0 connection stalling
Stephen Early
steve at assorted.org.uk
Thu Mar 5 11:46:34 GMT 2020
On 27/02/2020 16:11, Ian Jackson wrote:
>
> Thanks for the report. I don't have an immediately helpful theory
> about what this might be. The symptoms are consistent with a problem
> with peer public address selection.
I found the source of the problem. It's not a secnet bug. It was a
firewall configuration error.
Longer version: I was incorrect in my original email about the version
of secnet being run before I started having problems. It was 0.4.0, not
0.4.5. After I downgraded from 0.6.0 to 0.4.5 I continued to see the
stalling problem.
The firewalls at the three remote sites (but not the central site) did
not have UDP port 410 open for incoming traffic on IPv6. Outgoing IPv6
traffic on port 410 would enable incoming traffic to be accepted for a
limited time. It looks like version 0.4.0 did not try or prefer IPv6,
and 0.4.5 did.
Changing the firewall to permit incoming UDP on port 410 for IPv6 fixed
the problem, and version 0.6.0 is now running successfully at all the
sites. Sorry for the false report!
Steve
More information about the sgo-software-discuss
mailing list