Re: possible ppp problems
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
>>>>> "brian" == Brian Somers <brian@Awfulhak.org> writes:
>> Whereas before ppp was not previously causing trouble, I thought that a
>> new bug might have been introduced since the "latest updates" web page
>> mentions ppp "fixes" (meaning updates of some sort).
>> The trouble is that a vpn established with ssh/ppp between a Linux and
>> OpenBSD host will periodically "hang" (and when it hangs, it hangs
>> "forever"--until the vpn is killed then reestablished). It will hang
>> only when a large amount of traffic is passed through at the same time
>> (where "large" could mean X traffic such as an xterm or netscape). It
>> will only hang when this traffic originates from or is directed to a
>> host _other_ than the vpn-establishing host.
>> For example, doing a cvs update with CVSROOT set to a remote host and
>> the default route going through the virtual interface will cause ppp to
>> hang every single time (after transferring between about 128k and
>> several megabytes). After this time, a ping to the virtual address
>> established by the vpn will fail/hang, as will all traffic through the
>> virtual interface. At this point the ssh and ppp processes exist in the
>> process table on both ends, but there is no data being transferred. The
>> response time from the ping is reasonably quick (80ms or so).
> How are you using ssh ? Do you have ``-e none'' ?
From the Linux-2.2.12/Redhat-6.1 host, I run:
MY_PTY=$(/usr/local/bin/pty-redir /bin/ksh -c "$(sed 's,;.*,,' < ~/.ssh/ssh-agent.zsh | fmt) exec /usr/bin/ssh -e none -c blowfish -t -l ${VPN_USER} ${VPN_REMOTE_IP} /usr/bin/sudo /usr/sbin/pppd")
/usr/sbin/pppd $MY_PTY ${VPN_IP_1}:${VPN_IP_2} proxyarp file /root/vpn/ppp.conf
${VPN_REMOTE_IP} is the address for the Ethernet interface of the
OpenBSD host. Thus, I am using pppd on both ends. The .ppprc for
${VPN_USER} (on the OpenBSD host) is:
# cat .ppprc
noauth
debug
idle 31536000
ipcp-max-configure 32
ipcp-max-failure 32
ipcp-max-terminate 16
ipcp-restart 16
kdebug 1
lcp-echo-failure 31536000
lcp-echo-interval 10
lcp-max-configure 32
lcp-max-failure 32
lcp-max-terminate 16
lcp-restart 16
local
lock
maxconnect 31536000
nocrtscts
pap-max-authreq 32
pap-restart 16
pap-timeout 0
passive
# proxyarp
And the ppp.conf file on the Linux host is:
# cat vpn/ppp.conf
noauth
debug
idle 31536000
ipcp-max-configure 32
ipcp-max-failure 32
ipcp-max-terminate 16
ipcp-restart 16
kdebug 1
lcp-echo-failure 31536000
lcp-echo-interval 10
lcp-max-configure 32
lcp-max-failure 32
lcp-max-terminate 16
lcp-restart 16
maxconnect 31536000
nocdtrcts
nocrtscts
pap-max-authreq 32
pap-restart 16
pap-timeout 0
proxyarp
I doubt that all of these options are necessary, but the fact is that
the trouble with ppp is recent (that is, it was working without this
severe trouble before). I can send any amount of traffic between the
OpenBSD and the Linux hosts, and I can open connections with small
bandwidth (like an interactive secure shell) to any host (and it goes
through the route of the vpn), but whenever a certain amount of traffic
is reached, it hangs.
> Also, are you using ppp(8) or pppd(8) ?
> Here, I've been having some fairly serious tunnelling problems of late
> with ppp(8)/ssh/tcp/ip/ppp(8)/ISDN. I suspect it may be a problem
> on my provider's end, but it manifests as individual links through the
> tunnel jamming.
Once the vpn (ssh/ppp) is killed and then restarted, things start from
``scratch'' again, in that it takes a large amount of bandwidth to get
it to hang again.
>> The confusing part is that _any_ amount of traffic between the two VPN
>> hosts _directly_ never causes any trouble. For instance, the same cvs
>> update command with CVS_RSH set to a nested ssh session to the vpn host
>> actually completes without ever hanging the vpn.
>> The version of ppp at the other end is RedHat/Linux:
> [.....]
> Vienna (this means nothing to me) !
> --
> Brian <brian@Awfulhak.org> <brian@[uk.]FreeBSD.org>
> <http://www.Awfulhak.org> <brian@[uk.]OpenBSD.org>
> Don't _EVER_ lose your sense of humour !
Michael Lee Crogan -- <mcrogan@lanl.gov>
Los Alamos National Laboratory
Computing, Information, and Communications Division (CIC-5)
Research And Development In Advanced Network Technology (RADIANT)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.1 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE42kRgAQ2uwBfudJQRAnmLAJ9y2QQqEWw2NmQrtjBFF959xQSHOgCcC3us
LhBEvpp9dVIVlTTl5ROSDR8=
=PSUM
-----END PGP SIGNATURE-----