Post ALIw4mD9kD3b3t1YB6 by hobson@mastodon.social
(DIR) Post #ALIWbGClAORoXlfRT6 by adam@hax0rbana.social
2022-07-09T00:06:54Z
1 likes, 0 repeats
This mesh networking experiment is turning into a real adventure! When I checked for internet connectivity from the mesh, I went to an HTTP site. Worked fine. But HTTPS sites just hang. Same server, but the TLS is causing trouble. Pcaps show traffic going back and forth, but no FIN. It is every site. Doesn't matter what port it's on, or what software the server runs... TLS is a no-go. This is just so bizarre, I had to toot about it.
(DIR) Post #ALIjMj5gmmvBBylBi4 by adam@hax0rbana.social
2022-07-09T02:29:55Z
0 likes, 0 repeats
I was able to find an HTTP site where I can reproduce what at first seemed like a TLS issue.
http://ftp.debian.org/debian
Works just fine
http://ftp.debian.org/debian/
Hangs after the HTTP headers come through
I'm going to take a break and take a very close look at pcaps from different interfaces and with the working and non-working cases. 🧐
(DIR) Post #ALIksXG4PkzTiOLbM0 by hobson@mastodon.social
2022-07-09T02:46:52Z
0 likes, 0 repeats
@adam are you able to ...
1. Create VPN server on an exit node (gateway with access to the WAN/Internet)
2. Connect a client within the mesh (LAN) to the exit node VPN server
3. Curl the https site?
(DIR) Post #ALIvneTPGD2A8kSX44 by adam@hax0rbana.social
2022-07-09T04:49:07Z
0 likes, 0 repeats
@hobson I can give that a shot this weekend. I can't curl HTTPS sites on my LAN right now, so it's not just upstream from the gateway. If I pull down a copy of this problematic site, I might be able to repro the issue entirely within the mesh, which could be interesting too. I might have messed up the MTU somewhere along the line, but I wouldn't expect that to cause anything more than performance problems, not grind everything to a halt. It's a #mystery
(DIR) Post #ALIw4mD9kD3b3t1YB6 by hobson@mastodon.social
2022-07-09T04:52:10Z
0 likes, 0 repeats
@adam yea you're way ahead of me and beyond my understanding of #mesh
(DIR) Post #ALJuYuKU7V6WB2eSno by mr64bit@p.mr64.net
2022-07-09T16:10:11.642621Z
0 likes, 0 repeats
@adam Looks like an MTU problem. The response for your first example is well within whatever your restricted MTU is, while the other isn’t. You can do ping -s 1492 to send ICMP packets that are the full usual 1500 bytes, and lower that number until you get responses to find the effective MTU.
(DIR) Post #ALJv17IVUxkOVOB52e by mr64bit@p.mr64.net
2022-07-09T16:15:17.269942Z
0 likes, 0 repeats
@adam should have actually tested this method before sending, cause apparently it’s not right at all. ping -s 1472 -M do is what you want.
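The manual probing described in the two posts above, automated as a binary search over the ICMP payload size with the don't-fragment flag set. This is an added example, not part of the thread; it assumes Linux iputils `ping` and IPv4, and the function names `probe` and `find_path_mtu` are hypothetical.

```shell
#!/bin/sh
# Added example: find the IPv4 path MTU by binary search over ping payload sizes.
# Assumes Linux iputils ping (-M do sets DF so oversized packets are not fragmented).

# probe HOST PAYLOAD: succeeds if one echo request with PAYLOAD data bytes
# and DF set gets a reply within 2 seconds.
probe() {
    ping -c 1 -W 2 -M do -s "$2" "$1" >/dev/null 2>&1
}

# find_path_mtu HOST [LOW_PAYLOAD] [HIGH_PAYLOAD]
# Prints the largest IPv4 packet size that crossed the path unfragmented.
# Packet size = payload + 20 bytes IP header + 8 bytes ICMP header,
# so the default upper bound of 1472 corresponds to a 1500-byte MTU.
find_path_mtu() {
    local host="$1"
    local lo="${2:-0}"
    local hi="${3:-1472}"
    local mid

    # If even the smallest probe fails, the result would be meaningless:
    # the host is down or ICMP echo is filtered somewhere on the path.
    if ! probe "$host" "$lo"; then
        echo "no reply at payload $lo: host unreachable or ICMP filtered" >&2
        return 1
    fi

    # Invariant: payload $lo is known to pass; nothing above $hi can pass.
    while [ "$lo" -lt "$hi" ]; do
        mid=$(( (lo + hi + 1) / 2 ))
        if probe "$host" "$mid"; then
            lo=$mid
        else
            # A lost packet looks the same as "too big"; rerun on a lossy
            # link before trusting a surprisingly low result.
            hi=$((mid - 1))
        fi
    done
    echo $((lo + 28))
}

# Run stand-alone as: sh find_path_mtu.sh HOST
if [ "$#" -ge 1 ]; then
    find_path_mtu "$@"
fi
```

Comparing the printed value with the `mtu` shown by `ip link show` for the sending interface reveals the kind of mismatch discussed in this thread.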
(DIR) Post #ALK3NGdAHHNtSJugoC by adam@hax0rbana.social
2022-07-09T17:48:51Z
0 likes, 0 repeats
@mr64bit Yup, you nailed it. For some reason node02's MTU is set to 1500 despite /etc/network/interfaces.d/bat0 having a line that says: "mtu 1468" This didn't happen on the gateway yet because I am still using rc.local instead of ENI. I found https://www.debianadmin.com/change-mtu-maximum-transmission-unit-of-network-interface.html which explains Debian prefers the value from DHCP over the one in the config. I thought mismatched MTUs would just result in fragmentation. 🤨
(DIR) Post #ALK4m4F9ZQ4GEO4Vai by adam@hax0rbana.social
2022-07-09T18:04:35Z
0 likes, 0 repeats
@mr64bit I found a solution, but I don't really like it: dhcpcd exit hooks
https://forums.raspberrypi.com/viewtopic.php?t=271133
The reason I don't like it is that if the upstream network ever had a non-standard MTU, I am worried that it might cause me trouble. I could bump up the MTU on wlan0 to make room for 1500 byte packets, but I'm not sure that really solves the problem and I'm also not sure all wifi adapters can handle that.