Need Help Diagnosing Server Wierdness

Lisa Kachold lisakachold at obnosis.com
Sun May 26 12:46:15 MST 2013 

Matt,

That's great news.

On Sun, May 26, 2013 at 12:21 PM, Mark Phillips
<mark at phillipsmarketing.biz>wrote:

> Thanks to everyone for their suggestions!
>
> The good news.....the server is healthy, and I solved the problem of the
> "ssh session ignoring me every few minutes". It seems I made a mistake in
> the configuration of openVPN in my new ASUS DD-WRT router.
>
> The better news....turning off openVPN on my router also solved my
> intermittent LAN printing and scanning issues.
>
> The bad news.....need to fix the VPN connection to my LAN. I guess I will
> be drinking my Starbs at home for awhile! ;)
>

Usually this is either an OpenVPN port issue or a MTU issue:

1) Port issue:

OpenVPN Ports:  TCP 443, TCP 943, UDP 1194

By default OpenVPN Access Server has 2 OpenVPN daemons running. One of them
on UDP port 1194 and another on TCP 443. We recommend that you use the UDP
port because this functions better for an OpenVPN tunnel. However, many
public locations block all sorts of ports except very common ones like
http, https, ftp, pop3, and so on. Therefore we also have TCP 443 as an
option. TCP port 443 is the default port for https:// (SSL) traffic and so
this is usually allowed through at the user’s location.
TCP port 943 is the port where the web server interface is listening by
default. You can either approach this directly using a URL like
https://yourserverhostnamehere:943/ or by approaching it through the
standard https:// port TCP 443, since the OpenVPN daemon will automatically
internally route browser traffic to TCP 943 by default. (
https://yourserverhostnamehere/).

2) MTU issue:

You can pass a parameter to OpenVPN to test your MTU:

*--mtu-test*To empirically measure MTU on connection startup, add the *
--mtu-test* option to your configuration. OpenVPN will send ping packets of
various sizes to the remote peer and measure the largest packets which were
successfully received. The *--mtu-test* process normally takes about 3
minutes to complete.
http://openvpn.net/index.php/open-source/documentation/manuals/65-openvpn-20x-manpage.html

 http://www.personalvpn.org/OpenVPN-mtu-size.htm

Excerpt:

SImply edit the client configuration files (files ending in .ovpn) to add
the MTU adjustment. We recommend adding the following value as a starting
point

mssfix 1300

Just copy and paste this into the configuration file on a blank line.  Restart
the software and connect. In a great many cases this will resolve the
connection issues. You can adjust this value to try and fine tune your
situation. But in most cases effects are minimal and this settings will
work very well.

>
> Happy Memorial Day Weekend to all PLUGers!!
>
> Mark
>
>
> On Sun, May 26, 2013 at 1:44 AM, Lisa Kachold <lisakachold at obnosis.com>wrote:
>
>> Hello Mark,
>>
>>
>>
>>
>> On Sat, May 25, 2013 at 11:59 AM, Mark Phillips <
>> mark at phillipsmarketing.biz> wrote:
>>
>>> I have an old headless server running Linux version 2.6.32-5-686 (Debian
>>> 2.6.32-48squeeze1) (dannf at debian.org) (gcc version 4.3.5 (Debian
>>> 4.3.5-4) ). Recently, when I log in using ssh the terminal window freezes
>>> for a few seconds, then usually comes back. The command line stops printing
>>> the characters I am typing, the cursor stops blinking, and then after a few
>>> seconds, it comes back. This happens every few minutes, so it is becoming
>>> rather annoying.
>>>
>>
>> Here's the general list (some of which you have done already).
>>
>> 0 - Make sure that it's not swapping with "free".
>> 1 - Check that you have no ethernet errors with "ethtool eth0" (or
>> whatever your interfaces are) and look for errors.
>> 1.5 - Check  ' netstat -s -p|grep "segments retransmited" ' for packet
>> loss
>> 2 - Check "netstat -antp" to see what is listening and/or bogging down.
>> 3 - Check "lsof" to see what the system is doing.
>> 4 - Are you accessing SSH via SSH forwarding, a different place/network
>> or VPN?  This could be a MTU issue.
>> 5 - Run "nmap $servername" from your system to check what is available
>> and listening.
>> 6 - Look in your logs for security issues; specifically access attempts
>> to open ports; firewall to only allow source and destination for SSH, DNS
>> or other Mail as appropriate.
>> 7 - Disable your SSH timeout - just to be safe:
>> http://docs.oseems.com/general/application/ssh/disable-timeout
>> 8 - Use a ping from your system to the server to see if you can see
>> latency.
>> 9 - Use a traceroute/tracert to see latency between any hop.
>>
>>
>> Use the Source my friend!
>>
>>>
>>> When I check the disks, I get
>>> # df -h
>>> Filesystem            Size  Used Avail Use% Mounted on
>>> /dev/sda1             182G   42G  131G  25% /
>>> tmpfs                 505M     0  505M   0% /lib/init/rw
>>> udev                  500M  140K  500M   1% /dev
>>> tmpfs                 505M     0  505M   0% /dev/shm
>>> /dev/sdb1             230G  146G   72G  67% /mnt/sdb
>>>
>>> So I am not running out of disk space.
>>>
>>> When I run top, I get this output:
>>> Tasks:  90 total,   3 running,  87 sleeping,   0 stopped,   0 zombie
>>> Cpu(s):  7.0%us,  3.0%sy,  0.0%ni, 82.7%id,  6.6%wa,  0.3%hi,  0.3%si,
>>> 0.0%st
>>> Mem:   1032748k total,  1013748k used,    19000k free,   242992k buffers
>>> Swap:  2017272k total,     1040k used,  2016232k free,   473584k cached
>>>
>>> So I am not running a process that is taking over the CPU.
>>>
>>> How should I go about diagnosing this problem?
>>>
>>> Thanks!
>>>
>>> Mark
>>>
>>> ---------------------------------------------------
>>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>>> To subscribe, unsubscribe, or to change your mail settings:
>>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>>
>>
>>
>>
>> --
>>
>> (503) 754-4452 Android
>> (623) 239-3392 Skype
>> (623) 688-3392 Google Voice
>> **
>> it-clowns.com <http://it-clowns.com/c/index.php>
>> Chief Clown
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>> ---------------------------------------------------
>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>> To subscribe, unsubscribe, or to change your mail settings:
>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>
>
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>



-- 

(503) 754-4452 Android
(623) 239-3392 Skype
(623) 688-3392 Google Voice
**
it-clowns.com <http://it-clowns.com/c/index.php>
Chief Clown
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20130526/9ba2562b/attachment.html>

More information about the PLUG-discuss mailing list