
Re: possible ppp problems



Hmm, the only suggestion I can make is that maybe you're having 
fragmentation difficulties (are you NATing too ?).  How about 
trying an increased MTU on the ppp link ?

You could also try using ppp(8) on the OpenBSD side :*)  You can just

  set device "!ssh ....."

to create the tunnel.

> >>>>> "brian" == Brian Somers <brian@Awfulhak.org> writes:
> 
>  >> Whereas before ppp was not previously causing trouble, I thought that a
>  >> new bug might have been introduced since the "latest updates" web page
>  >> mentions ppp "fixes" (meaning updates of some sort).
> 
>  >> The trouble is that a vpn established with ssh/ppp between a Linux and
>  >> OpenBSD host will periodically "hang" (and when it hangs, it hangs
>  >> "forever"--until the vpn is killed then reestablished).  It will hang
>  >> only when a large amount of traffic is passed through at the same time
>  >> (where "large" could mean X traffic such as an xterm or netscape).  It
>  >> will only hang when this traffic originates from or is directed to a
>  >> host _other_ than the vpn-establishing host.
> 
>  >> For example, doing a cvs update with CVSROOT set to a remote host and
>  >> the default route going through the virtual interface will cause ppp to
>  >> hang every single time (after transferring between about 128k and
>  >> several megabytes).  After this time, a ping to the virtual address
>  >> established by the vpn will fail/hang, as will all traffic through the
>  >> virtual interface.  At this point the ssh and ppp processes exist in the
>  >> process table on both ends, but there is no data being transferred.  The
>  >> response time from the ping is reasonably quick (80ms or so).
> 
>  > How are you using ssh ?  Do you have ``-e none'' ?
> 
> From the Linux-2.2.12/Redhat-6.1 host, I run:
> 
>   MY_PTY=$(/usr/local/bin/pty-redir /bin/ksh -c "$(sed 's,;.*,,' < ~/.ssh/ssh-agent.zsh | fmt) exec /usr/bin/ssh -e none -c blowfish -t -l ${VPN_USER} ${VPN_REMOTE_IP} /usr/bin/sudo /usr/sbin/pppd")
>   /usr/sbin/pppd $MY_PTY ${VPN_IP_1}:${VPN_IP_2} proxyarp file /root/vpn/ppp.conf
> 
> ${VPN_REMOTE_IP} is the address for the Ethernet interface of the
> OpenBSD host.  Thus, I am using pppd on both ends.  The .ppprc for
> ${VPN_USER} (on the OpenBSD host) is:
> 
>   # cat .ppprc
>   noauth
>   debug
>   idle 31536000
>   ipcp-max-configure 32
>   ipcp-max-failure 32
>   ipcp-max-terminate 16
>   ipcp-restart 16
>   kdebug 1
>   lcp-echo-failure 31536000
>   lcp-echo-interval 10
>   lcp-max-configure 32
>   lcp-max-failure 32
>   lcp-max-terminate 16
>   lcp-restart 16
>   local
>   lock
>   maxconnect 31536000
>   nocrtscts
>   pap-max-authreq 32
>   pap-restart 16
>   pap-timeout 0
>   passive
>   # proxyarp
> 
> And the ppp.conf file on the Linux host is:
> 
>   # cat vpn/ppp.conf 
>   noauth
>   debug
>   idle 31536000
>   ipcp-max-configure 32
>   ipcp-max-failure 32
>   ipcp-max-terminate 16
>   ipcp-restart 16
>   kdebug 1
>   lcp-echo-failure 31536000
>   lcp-echo-interval 10
>   lcp-max-configure 32
>   lcp-max-failure 32
>   lcp-max-terminate 16
>   lcp-restart 16
>   maxconnect 31536000
>   nocdtrcts
>   nocrtscts
>   pap-max-authreq 32
>   pap-restart 16
>   pap-timeout 0
>   proxyarp
> 
> I doubt that all of these options are necessary, but the fact is that
> the trouble with ppp is recent (that is, it was working without this
> severe trouble before).  I can send any amount of traffic between the
> OpenBSD and the Linux hosts, and I can open connections with small
> bandwidth (like an interactive secure shell) to any host (and it goes
> through the route of the vpn), but whenever a certain amount of traffic
> is reached, it hangs.
> 
>  > Also, are you using ppp(8) or pppd(8) ?
> 
>  > Here, I've been having some fairly serious tunnelling problems of late 
>  > with ppp(8)/ssh/tcp/ip/ppp(8)/ISDN.  I suspect it may be a problem 
>  > on my provider's end, but it manifests as individual links through the 
>  > tunnel jamming.
> 
> Once the vpn (ssh/ppp) is killed and then restarted, things start from
> ``scratch'' again, in that it takes a large amount of bandwidth to get
> it to hang again.
> 
>  >> The confusing part is that _any_ amount of traffic between the two VPN
>  >> hosts _directly_ never causes any trouble.  For instance, the same cvs
>  >> update command with CVS_RSH set to a nested ssh session to the vpn host
>  >> actually completes without ever hanging the vpn.
> 
>  >> The version of ppp at the other end is RedHat/Linux:
>  > [.....]
[.....]
> Michael Lee Crogan -- <mcrogan@lanl.gov>
> 
> Los Alamos National Laboratory
> Computing, Information, and Communications Division (CIC-5)
> Research And Development In Advanced Network Technology (RADIANT)

-- 
Brian <brian@Awfulhak.org>                        <brian@[uk.]FreeBSD.org>
      <http://www.Awfulhak.org>                   <brian@[uk.]OpenBSD.org>
Don't _EVER_ lose your sense of humour !
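
One way to test the fragmentation suggestion above from the Linux side, as an added example that is not part of the original message: it binary-searches for the largest ICMP payload that gets a reply with the Don't Fragment bit set. It assumes iputils ping (`-M do`); `PMTU_TARGET`, `probe_ping`, `largest_payload` and `payload_to_mtu` are names chosen here.

```shell
#!/bin/sh
# Added example (not from the thread): find the largest ICMP echo payload
# that crosses a path with DF set, to check a fragmentation hypothesis.

# Assumption: Linux iputils ping. -M do sets DF and forbids local
# fragmentation, -W 2 waits two seconds for the reply.
probe_ping() {  # $1 = host, $2 = payload size in bytes
    ping -c 1 -W 2 -M do -s "$2" "$1" >/dev/null 2>&1
}

# largest_payload HOST LOW HIGH [PROBE_FN]
# Prints the largest payload in [LOW, HIGH] for which PROBE_FN succeeds.
# Prints 0 and returns 1 when even LOW fails (path down, not MTU-limited).
largest_payload() {
    host=$1; lo=$2; hi=$3; probe=${4:-probe_ping}
    if ! "$probe" "$host" "$lo"; then
        echo 0
        return 1
    fi
    # Invariant: lo is known to pass, the answer lies in [lo, hi].
    while [ "$lo" -lt "$hi" ]; do
        mid=$(( (lo + hi + 1) / 2 ))
        if "$probe" "$host" "$mid"; then
            lo=$mid
        else
            hi=$(( mid - 1 ))
        fi
    done
    echo "$lo"
}

# Payload plus 8 bytes of ICMP header and 20 bytes of IPv4 header.
payload_to_mtu() { echo $(( $1 + 28 )); }

# Only probes the network when PMTU_TARGET is set in the environment.
if [ -n "${PMTU_TARGET:-}" ]; then
    if p=$(largest_payload "$PMTU_TARGET" 64 1472); then
        echo "largest DF payload: $p bytes, path MTU: $(payload_to_mtu "$p")"
    else
        echo "no reply from $PMTU_TARGET even at 64 bytes" >&2
        exit 1
    fi
fi
```

Point `PMTU_TARGET` at a host beyond the far end of the tunnel, since the hang is reported only for traffic to such hosts; a path MTU below the MTU configured on the ppp interface means full-size packets need fragmenting somewhere on that path.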