Matt,<div><br></div><div>That's great news.<br><br><div class="gmail_quote">On Sun, May 26, 2013 at 12:21 PM, Mark Phillips <span dir="ltr"><<a href="mailto:mark@phillipsmarketing.biz" target="_blank">mark@phillipsmarketing.biz</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div><div><div>Thanks to everyone for their suggestions!<br><br></div>The good news.....the server is healthy, and I solved the problem of the "ssh session ignoring me every few minutes". It seems I made a mistake in the configuration of openVPN in my new ASUS DD-WRT router.<br>
<br></div><div>The better news....turning off openVPN on my router also solved my intermittent LAN printing and scanning issues.<br></div><div><br></div>The bad news.....need to fix the VPN connection to my LAN. I guess I will be drinking my Starbs at home for awhile! ;)<br>
</div></div></blockquote><div><br></div><div>Usually this is either an OpenVPN port issue or a MTU issue:</div><div><br></div><div>1) Port issue:</div><div><br></div><p style="padding:2px 1px;margin:1px;text-align:justify;color:rgb(0,51,102);font-size:12px;line-height:18px;background-color:rgb(255,255,255)">
OpenVPN Ports: TCP 443, TCP 943, UDP 1194</p><p style="padding:2px 1px;margin:1px;text-align:justify;color:rgb(0,51,102);font-size:12px;line-height:18px;background-color:rgb(255,255,255)">By default OpenVPN Access Server has 2 OpenVPN daemons running. One of them on UDP port 1194 and another on TCP 443. We recommend that you use the UDP port because this functions better for an OpenVPN tunnel. However, many public locations block all sorts of ports except very common ones like http, https, ftp, pop3, and so on. Therefore we also have TCP 443 as an option. TCP port 443 is the default port for https:// (SSL) traffic and so this is usually allowed through at the user’s location.</p>
<div><span style="background-color:rgb(255,255,255);color:rgb(0,51,102);font-size:12px;line-height:18px;text-align:justify">TCP port 943 is the port where the web server interface is listening by default. You can either approach this directly using a URL like</span><span style="background-color:rgb(255,255,255);color:rgb(0,51,102);font-size:12px;line-height:18px;text-align:justify"> </span><a class="smarterwiki-linkify" href="https://yourserverhostnamehere:943/" style="font-size:12px;line-height:18px;text-align:justify;color:rgb(0,102,153)">https://yourserverhostnamehere:943/</a><span style="background-color:rgb(255,255,255);color:rgb(0,51,102);font-size:12px;line-height:18px;text-align:justify"> </span><span style="background-color:rgb(255,255,255);color:rgb(0,51,102);font-size:12px;line-height:18px;text-align:justify">or by approaching it through the standard https:// port TCP 443, since the OpenVPN daemon will automatically internally route browser traffic to TCP 943 by default. (</span><a class="smarterwiki-linkify" href="https://yourserverhostnamehere/" style="font-size:12px;line-height:18px;text-align:justify;color:rgb(0,102,153)">https://yourserverhostnamehere/</a><span style="background-color:rgb(255,255,255);color:rgb(0,51,102);font-size:12px;line-height:18px;text-align:justify">).</span></div>
<div><br></div><div>2) MTU issue:</div><div><br></div><div>You can pass a parameter to OpenVPN to test your MTU:</div><div><br></div><div><dt style="color:rgb(0,51,102);font-family:Arial,Helvetica,sans-serif;font-size:13px;background-color:rgb(252,253,253)">
<strong>--mtu-test</strong></dt><dd style="color:rgb(0,51,102);font-family:Arial,Helvetica,sans-serif;font-size:13px;background-color:rgb(252,253,253)">To empirically measure MTU on connection startup, add the <strong>--mtu-test</strong> option to your configuration. OpenVPN will send ping packets of various sizes to the remote peer and measure the largest packets which were successfully received. The <strong>--mtu-test</strong> process normally takes about 3 minutes to complete.</dd>
<dd style="color:rgb(0,51,102);font-family:Arial,Helvetica,sans-serif;font-size:13px;background-color:rgb(252,253,253)"><br></dd><dd style="color:rgb(0,51,102);font-family:Arial,Helvetica,sans-serif;font-size:13px;background-color:rgb(252,253,253)">
<a href="http://openvpn.net/index.php/open-source/documentation/manuals/65-openvpn-20x-manpage.html">http://openvpn.net/index.php/open-source/documentation/manuals/65-openvpn-20x-manpage.html</a></dd><dd style="color:rgb(0,51,102);font-family:Arial,Helvetica,sans-serif;font-size:13px;background-color:rgb(252,253,253)">
<br></dd><dd style="color:rgb(0,51,102);font-family:Arial,Helvetica,sans-serif;font-size:13px;background-color:rgb(252,253,253)"><br></dd></div><div> <a href="http://www.personalvpn.org/OpenVPN-mtu-size.htm">http://www.personalvpn.org/OpenVPN-mtu-size.htm</a></div>
<div><br></div><div>Excerpt:</div><div><br></div><div><p style="margin:0px 0px 20px;padding:0px;line-height:1.7em;font-size:0.95em;color:rgb(68,68,68);text-align:justify;font-family:Helvetica,Arial,sans-serif">SImply edit the client configuration files (files ending in .ovpn) to add the MTU adjustment. <span style="font-size:0.95em;line-height:1.7em">We recommend adding the following value as a starting point</span></p>
<p style="margin:0px 0px 20px;padding:0px;line-height:1.7em;font-size:0.95em;color:rgb(68,68,68);text-align:justify;font-family:Helvetica,Arial,sans-serif">mssfix 1300</p><p style="margin:0px 0px 20px;padding:0px;line-height:1.7em;font-size:0.95em;color:rgb(68,68,68);text-align:justify;font-family:Helvetica,Arial,sans-serif">
Just copy and paste this into the configuration file on a blank line. <span style="font-size:0.95em;line-height:1.7em">Restart the software and connect. In a great many cases this will resolve the connection issues. </span><span style="font-size:0.95em;line-height:1.7em">You can adjust this value to try and fine tune your situation. But in most cases effects are minimal and this settings will work very well.</span></p>
</div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div>
<br></div>Happy Memorial Day Weekend to all PLUGers!!<span class="HOEnZb"><font color="#888888"><br><br>Mark<br></font></span></div><div class="HOEnZb"><div class="h5"><div class="gmail_extra"><br><br><div class="gmail_quote">
On Sun, May 26, 2013 at 1:44 AM, Lisa Kachold <span dir="ltr"><<a href="mailto:lisakachold@obnosis.com" target="_blank">lisakachold@obnosis.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hello Mark,<div><br></div><div><br></div><div><br><br><div class="gmail_quote"><div>On Sat, May 25, 2013 at 11:59 AM, Mark Phillips <span dir="ltr"><<a href="mailto:mark@phillipsmarketing.biz" target="_blank">mark@phillipsmarketing.biz</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div>I have an old headless server running Linux version 2.6.32-5-686 (Debian 2.6.32-48squeeze1) (<a href="mailto:dannf@debian.org" target="_blank">dannf@debian.org</a>) (gcc version 4.3.5 (Debian 4.3.5-4) ). Recently, when I log in using ssh the terminal window freezes for a few seconds, then usually comes back. The command line stops printing the characters I am typing, the cursor stops blinking, and then after a few seconds, it comes back. This happens every few minutes, so it is becoming rather annoying.<br>
</div></div></blockquote><div><br></div></div><div>Here's the general list (some of which you have done already).</div><div><br></div><div>0 - Make sure that it's not swapping with "free".</div><div>1 - Check that you have no ethernet errors with "ethtool eth0" (or whatever your interfaces are) and look for errors.</div>
<div>1.5 - Check '<span style="background-color:rgb(238,238,238);color:rgb(34,34,34);font-family:Consolas,Menlo,Monaco,'Lucida Console','Liberation Mono','DejaVu Sans Mono','Bitstream Vera Sans Mono','Courier New',monospace,serif;font-size:13px;line-height:16px"> netstat -s -p|grep "segments retransmited" ' for packet loss</span></div>
<div>2 - Check "netstat -antp" to see what is listening and/or bogging down.</div><div>3 - Check "lsof" to see what the system is doing.</div><div>4 - Are you accessing SSH via SSH forwarding, a different place/network or VPN? This could be a MTU issue. </div>
<div>5 - Run "nmap $servername" from your system to check what is available and listening.</div><div>6 - Look in your logs for security issues; specifically access attempts to open ports; firewall to only allow source and destination for SSH, DNS or other Mail as appropriate.</div>
<div>7 - Disable your SSH timeout - just to be safe: <a href="http://docs.oseems.com/general/application/ssh/disable-timeout" target="_blank">http://docs.oseems.com/general/application/ssh/disable-timeout</a></div><div>
8 - Use a ping from your system to the server to see if you can see latency.</div>
<div>9 - Use a traceroute/tracert to see latency between any hop.</div><div> </div><div><br></div><div>Use the Source my friend! </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div>
<div dir="ltr"><div>
<br></div><div>When I check the disks, I get<br># df -h<br>Filesystem Size Used Avail Use% Mounted on<br>/dev/sda1 182G 42G 131G 25% /<br>tmpfs 505M 0 505M 0% /lib/init/rw<br>
udev 500M 140K 500M 1% /dev<br>tmpfs 505M 0 505M 0% /dev/shm<br>/dev/sdb1 230G 146G 72G 67% /mnt/sdb<br><br></div><div>So I am not running out of disk space. <br>
<br></div><div>When I run top, I get this output:<br>Tasks: 90 total, 3 running, 87 sleeping, 0 stopped, 0 zombie<br>Cpu(s): 7.0%us, 3.0%sy, 0.0%ni, 82.7%id, 6.6%wa, 0.3%hi, 0.3%si, 0.0%st<br>Mem: 1032748k total, 1013748k used, 19000k free, 242992k buffers<br>
Swap: 2017272k total, 1040k used, 2016232k free, 473584k cached<br><br></div><div>So I am not running a process that is taking over the CPU.<br><br></div><div>How should I go about diagnosing this problem?<br><br>
</div><div>Thanks!<span><font color="#888888"><br><br></font></span></div><span><font color="#888888"><div>Mark <br></div></font></span></div>
<br></div><div>---------------------------------------------------<br>
PLUG-discuss mailing list - <a href="mailto:PLUG-discuss@lists.phxlinux.org" target="_blank">PLUG-discuss@lists.phxlinux.org</a><br>
To subscribe, unsubscribe, or to change your mail settings:<br>
<a href="http://lists.phxlinux.org/mailman/listinfo/plug-discuss" target="_blank">http://lists.phxlinux.org/mailman/listinfo/plug-discuss</a><br></div></blockquote></div><span><font color="#888888"><br><br clear="all">
<div><br></div>-- <br><div><br></div>
<a href="tel:%28503%29%20754-4452" value="+15037544452" target="_blank">(503) 754-4452</a> Android<br><a href="tel:%28623%29%20239-3392" value="+16232393392" target="_blank">(623) 239-3392</a> Skype<br><a href="tel:%28623%29%20688-3392" value="+16236883392" target="_blank">(623) 688-3392</a> Google Voice<br>
**<br><a href="http://it-clowns.com/c/index.php" target="_blank">it-clowns.com</a><br>Chief Clown<br><br><br><br><br><br><br><br><br><br><br>
<br><br><br>
</font></span></div>
<br>---------------------------------------------------<br>
PLUG-discuss mailing list - <a href="mailto:PLUG-discuss@lists.phxlinux.org" target="_blank">PLUG-discuss@lists.phxlinux.org</a><br>
To subscribe, unsubscribe, or to change your mail settings:<br>
<a href="http://lists.phxlinux.org/mailman/listinfo/plug-discuss" target="_blank">http://lists.phxlinux.org/mailman/listinfo/plug-discuss</a><br></blockquote></div><br></div>
</div></div><br>---------------------------------------------------<br>
PLUG-discuss mailing list - <a href="mailto:PLUG-discuss@lists.phxlinux.org">PLUG-discuss@lists.phxlinux.org</a><br>
To subscribe, unsubscribe, or to change your mail settings:<br>
<a href="http://lists.phxlinux.org/mailman/listinfo/plug-discuss" target="_blank">http://lists.phxlinux.org/mailman/listinfo/plug-discuss</a><br></blockquote></div><br><br clear="all"><div><br></div>-- <br><div><br></div>
(503) 754-4452 Android<br>(623) 239-3392 Skype<br>(623) 688-3392 Google Voice<br>**<br><a href="http://it-clowns.com/c/index.php" target="_blank">it-clowns.com</a><br>Chief Clown<br><br><br><br><br><br><br><br><br><br><br>
<br><br><br>
</div>