I have a large number of identical fanless PCs running debian 6 (ARM). Most of these are connected via comcast and work ok. There are some that are connected to ‘WiMax’ modems and are having communication issues.
Specifically: if I ssh to one of these and try a command like ‘ps -ax’ I’ll get about 3 lines back and then the session is locked up. If I let it sit, eventually it will close with a ‘session closed by peer’.
What I’ve tried:
ssh -vvv→ no error messagesssh <[email protected]> 'command'→ this will sometimes return the full output of the command. Sometimes it won’t connect at all.
Suggestions on other things to try?
I’ve found that I can execute some commands successfully: e.g. hitting return a dozen times or more is ok. cd ~ and then lf works as does df -h. I can run df many times successfully but as soon as I try something with more output (e.g. ls /etc) it locks up.
Does it make a difference that I’m trying to communicate between these two hosts using OpenVPN?
Answers:
Thank you for visiting the Q&A section on Magenaut. Please note that all the answers may not help you solve the issue immediately. So please treat them as advisements. If you found the post helpful (or not), leave a comment & I’ll get back to you as soon as possible.
Method 1
You have the symptoms of an MTU problem: some TCP connections freeze, more or less reproducibly for a given command or URL but with no easily discernible overall pattern. A telltale symptom is that interactive ssh sessions work well as long as you don’t run commands with large output.
See Can’t access select https sites on Linux over PPPoE for an explanation.
OpenVPN has several MTU-related option — search for “mtu” in the manual. I don’t have enough experience to be confident as to which option you need to change. (It’s even possible that you can change something in the Wimax modem configuration.) The most likely option to change is mssfix: try lowering the value until it fixes the problem. The default is 1450; something like around 1400 might fix your problem. Try openvpn --fragment 1200 -mssfix; if it helps, increase the value until it starts breaking.
Method 2
Gilles’ answer is completely correct, but there is also another potential cause for this.
There was a bug in version 2.3.0 of OpenVPN which would disconnect clients when sending large chunks of data: https://community.openvpn.net/openvpn/ticket/263
This issue only occurred when using TCP. UDP was completely unaffected.
Method 3
We had the same problem, and it was indeed a MTU issue. However for us the problem was not in openVPN configuration but on the tun0 interface.
How we solved it: first find the maximum packet size that went through, with
ping <host> -s 1500 -M do
and reducing the 1500 value until a value was going through (for us, 1350).
Once the right value was found, change the tun0 interface with
sudo ip link set dev tun0 mtu 1350
as was proposed by Sebastian here. After that the VPN was going smoothly.
All methods was sourced from stackoverflow.com or stackexchange.com, is licensed under cc by-sa 2.5, cc by-sa 3.0 and cc by-sa 4.0