Skip to content

T_RELEASE_v1.3.0rc5

Pre-release
Pre-release
Compare
Choose a tag to compare
@ddmesh ddmesh released this 17 May 19:00
· 371 commits to master since this release
T_RELEASE_v1.3.0rc5
7e85290
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.

This release adds an extra rule to redirect local generated icmp "fragmentation needed" to vpn tunnel instead of server network interface.
The problem is that Hetzner "disconnects" the host from network when it detects traffic that does not belong to any traffic it knows.

When a freifunk client makes a request to external web servers, this request goes out through a VPN tunnel. Answers that are too big to fit into tbb_fastd2 network interface because of the lower MTU 1200, will cause the kernel to generate icmp "fragmentation needed". Normally those packets travel through the gateway. But those answers must go back through the VPN tunnel.

Assets 2
Loading