On Wed, Jun 21, 2017 at 09:11:47AM +0800, Bright Zhao wrote:

> I found the server (1.1.1.1) didn’t receive the MTU probe from client, so I
> add iptables -A INPUT -p udp --dport 443 -j ACCEPT.
>
> After this, I see one packet matching on the server side, and the MTU
> negotiation works, but when I tear down the tinc, and re-establish the tinc
> connection, the counter of below UDP/443 never increases, and also my other
> tinc nodes never add this statement on iptables, but they all work well for
> the MTU negotiation (finally works on UDP)
>
> pkts bytes target prot opt in  out source   destination
>    1   104 ACCEPT udp  --  any any anywhere anywhere    udp dpt:https
>
> The above statement is necessary, or not?

Yes, if it would otherwise block UDP packets coming in to the server,
you need it to ensure tinc can communicate via UDP.
--
Met vriendelijke groet / with kind regards,
Guus Sliepen <[email protected]>
_______________________________________________
tinc mailing list
[email protected]
https://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc
