Ticket #1190 (new)

Opened 5 years ago

Last modified 3 years ago

Tunneldigger temporary failiure on connections with slight packetloss

Reported by: DustWolf Owned by: kostko
Priority: normal Milestone:
Component: tunneldigger Version:
Keywords: Cc: shapo
Related nodes: levarjeva-83, levarjeva-83b, kamnik-pod-krimom-11c Realization state:
Blocking: Effort: normal
Blocked by: Security sensitive: no


When a node is used with the blue connector connected to a network with slight packetloss (say 2%), the VPN connection via tunneldigger will randomly become temporarily unavailable for short periods of time (a couple of minutes), resulting in lack of internet access during this time.

I have observed this issue on two different networks (suburban houses with bad telephone lines, once SiOL ADSL, once T-2 VDSL), which experience slight packetloss.

Observed case: Two nodes, levarjeva-83b connected to the other via mesh, and levarjeva-83 connected to the internet via tunneldigger. Internet outage observed while connected to levarjeva-83 via nonmesh wireless. While in this state, can ping both nodes with no problem, dns queries to both nodes work fine, cannot ping implicator or any other node on the network. SSHed to the node itself, I can ping meaning it's internet connection works fine, but cannot ping implicator.

After a few minutes, the connection resumes working normally by itself.

Change History

comment:1 Changed 5 years ago by shapo

  • Cc shapo added

comment:2 Changed 3 years ago by DustWolf

Based upon further testing it appears that this problem occurs due to the fact that tunneldigger uses an UDP connection. UDP connections do not retransmit data when packetloss occurs and as a result even tunneled TCP traffic gets lost over unreliable networks.

comment:3 Changed 3 years ago by mitar

Not sure what you are saying here. TCP should be able to recover when they are lost packets. And the amount of lost packets with tunneldigger and without should be more or less the same on the same lossy link.

VPN theory is saying that this is the correct thing to do. Instead of VPN trying to fix retransmissions, it should leave to the embedded layers and protocols to fix that, if the care.

I do no think your analysis is correct.

But is this happening?

Note: See TracTickets for help on using tickets.