Open-conn-track: timeout

Hi,
I’m using tailscale with two subnet routers: one on my home network, one on AWS. I’m seeing a lot of timeouts and “bad connections” trying to talk from my home network to AWS. The tailscaled log is full of timeouts like the one below.

(I don’t know how to qualitatively demonstrate the “bad connections”, but besides the timeouts a lot of API requests from my home network to the AWS nodes result in an “EOF” error.)

I was wondering if the tailscale timeouts mean that I’ve misconfigured tailscale or if it’s just indicating that a “regular” request timed out. Thanks!

Tailscale version:

1.24.2
  tailscale commit: 9d6867fb0ab30a33cbdfc8e583f5d39169dbb2e6
  other commit: 2d0f7ddc35aa4149e67e27d11ea317669cccdd94
  go version: go1.18.1-ts710a0d8610

Operating system & version:

Linux version 5.4.0-109-generic (buildd@ubuntu) (gcc version 9.4.0 (Ubuntu 9.4.0-1ubuntu1~20.04.1)) #123-Ubuntu SMP Fri Apr 8 09:10:54 UTC 2022

Timeout logs:

May 02 00:10:22 server tailscaled[7219]: open-conn-track: timeout opening (TCP 192.168.1.117:59759 => 10.0.101.167:8200) to node [mA0QU]; online=yes, lastRecv=9s
May 02 00:10:22 server tailscaled[7219]: open-conn-track: timeout opening (TCP 192.168.1.117:59760 => 10.0.101.167:8200) to node [mA0QU]; online=yes, lastRecv=9s
May 02 00:10:22 server tailscaled[7219]: open-conn-track: timeout opening (TCP 192.168.1.117:59761 => 10.0.101.167:8200) to node [mA0QU]; online=yes, lastRecv=9s
May 02 00:10:38 server tailscaled[7219]: open-conn-track: timeout opening (TCP 192.168.1.117:59759 => 10.0.101.167:8200) to node [mA0QU]; online=yes, lastRecv=4s
May 02 00:10:38 server tailscaled[7219]: open-conn-track: timeout opening (TCP 192.168.1.117:59760 => 10.0.101.167:8200) to node [mA0QU]; online=yes, lastRecv=4s
May 02 00:10:38 server tailscaled[7219]: open-conn-track: timeout opening (TCP 192.168.1.117:59761 => 10.0.101.167:8200) to node [mA0QU]; online=yes, lastRecv=4s

Possibly relevant: my home network router is pfsense.

Timeout log messages are normal: tailscaled is periodically trying all possible IP endpoints it knows for a given destination. Most of them cannot make a connection. It just keeps trying.

If there are actual symptoms of something not working, please include a “tailscale bugreport” shortly after the symptom occurs.

To try to narrow down the cause, I tried using an AWS site-to-site VPN (without tailscale).

That resolved the timeout issues. However, I suspect that all this is due to pfsense and not a bug in tailscale itself, because tailscale netcheck returns MappingVariesByDestIP: true.

I tried a bunch of configuration options (including the FAQ article and this GitHub issue) but was unable to get it to report MappingVariesByDestIP: false.
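
For anyone triaging a log like the one in the first post, this added example (not part of the thread and not Tailscale code) groups the open-conn-track timeout lines by flow, so repeated entries for one connection attempt are not counted as separate failures. The regular expression is inferred from the six lines quoted in the post, and the `year` default is an assumption because the journald short format omits the year.

```python
import re
from collections import defaultdict
from datetime import datetime

# Line layout inferred from the journald excerpt in the first post.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ tailscaled\[\d+\]: "
    r"open-conn-track: timeout opening \((?P<proto>\w+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) => (?P<dst>[\d.]+):(?P<dport>\d+)\) "
    r"to node \[(?P<node>[^\]]+)\]; online=(?P<online>\w+), "
    r"lastRecv=(?P<last_recv>\S+)$"
)

# The six log lines quoted in the first post.
SAMPLE = """\
May 02 00:10:22 server tailscaled[7219]: open-conn-track: timeout opening (TCP 192.168.1.117:59759 => 10.0.101.167:8200) to node [mA0QU]; online=yes, lastRecv=9s
May 02 00:10:22 server tailscaled[7219]: open-conn-track: timeout opening (TCP 192.168.1.117:59760 => 10.0.101.167:8200) to node [mA0QU]; online=yes, lastRecv=9s
May 02 00:10:22 server tailscaled[7219]: open-conn-track: timeout opening (TCP 192.168.1.117:59761 => 10.0.101.167:8200) to node [mA0QU]; online=yes, lastRecv=9s
May 02 00:10:38 server tailscaled[7219]: open-conn-track: timeout opening (TCP 192.168.1.117:59759 => 10.0.101.167:8200) to node [mA0QU]; online=yes, lastRecv=4s
May 02 00:10:38 server tailscaled[7219]: open-conn-track: timeout opening (TCP 192.168.1.117:59760 => 10.0.101.167:8200) to node [mA0QU]; online=yes, lastRecv=4s
May 02 00:10:38 server tailscaled[7219]: open-conn-track: timeout opening (TCP 192.168.1.117:59761 => 10.0.101.167:8200) to node [mA0QU]; online=yes, lastRecv=4s
"""

def parse(lines, year=2022):
    """Yield a dict per open-conn-track timeout line; other lines are skipped.
    The year is an assumption: journald's short format does not log it."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        rec = m.groupdict()
        rec["ts"] = datetime.strptime(f"{year} {rec['ts']}", "%Y %b %d %H:%M:%S")
        yield rec

def summarize(lines):
    """Group timeout events by flow (proto, source, destination, node)."""
    flows = defaultdict(list)
    for r in parse(lines):
        key = (r["proto"], f"{r['src']}:{r['sport']}", f"{r['dst']}:{r['dport']}", r["node"])
        flows[key].append(r)
    summary = {}
    for key, recs in flows.items():
        stamps = [r["ts"] for r in recs]
        summary[key] = {
            "events": len(recs),
            "span_s": int((max(stamps) - min(stamps)).total_seconds()),
            "online": sorted({r["online"] for r in recs}),
            "last_recv": [r["last_recv"] for r in recs],
        }
    return summary

if __name__ == "__main__":
    for key, info in summarize(SAMPLE.splitlines()).items():
        print(key, info)
```

On the post's lines this reports three flows, each logged twice 16 seconds apart, all to 10.0.101.167:8200 on node mA0QU with online=yes.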