We’ve just tried TCP and the issue has gone away.

Can anyone tell me why this happens? Also, what’s the reason for UDP being 
preferred over TCP?

Thanks.

-Stuart

On 4 Sep 2017, 15:46 +0100, Илья Шипицин <chipits...@gmail.com>, wrote:
> Also, we observed very rare situations when switching to tcp instead of udp 
> resolved similar issues (did not have a chance to dig deeper)
>
> Can you try to switch to tcp?
>
> > On 4 Sep 2017, 19:40, "Stuart Dallas" <stu...@stut.net> 
> > wrote:
> > > Happy to provide the configs, but as noted the configuration works 
> > > perfectly when the server is on another internet connection.
> > >
> > > Server:
> > >
> > > local 0.0.0.0
> > > port [redacted_port]
> > > proto udp
> > > dev cloudvpn
> > > dev-type tun
> > > ca cloud-ca.crt
> > > cert cloud-server.crt
> > > key cloud-server.key
> > > dh cloud-dh2048.pem
> > > topology subnet
> > > server 10.10.1.0 255.255.255.0
> > > ifconfig-pool-persist cloud-ipp.txt
> > > client-config-dir cloud-ccd
> > > keepalive 10 120
> > > tls-auth cloud-ta.key 0
> > > cipher AES-256-CBC
> > > user nobody
> > > group nobody
> > > persist-key
> > > persist-tun
> > > status cloud-openvpn-status.log
> > > status-version 3
> > > verb 3
> > > mute 20
> > >
> > > Client:
> > >
> > > client
> > > dev tun
> > > proto udp
> > > remote [redacted_ip] [redacted_port]
> > > resolv-retry infinite
> > > nobind
> > > user nobody
> > > group nobody
> > > persist-key
> > > persist-tun
> > > ca cloud-ca.crt
> > > cert cloud-client.crt
> > > key cloud-client.key
> > > remote-cert-tls server
> > > tls-auth cloud-ta.key 1
> > > cipher AES-256-CBC
> > > mute 20
> > >
> > > Thanks.
> > >
> > > -Stuart
> > >
> > > On 4 Sep 2017, 15:34 +0100, Илья Шипицин <chipits...@gmail.com>, wrote:
> > > > Please, provide both server and client config.
> > > >
> > > > (We saw a similar situation when the server was "comp-lzo yes" and the 
> > > > client "comp-lzo no")
> > > >
> > > > > On 4 Sep 2017, 19:25, "Stuart Dallas" <stu...@stut.net> 
> > > > > wrote:
> > > > > > We’ve got a very odd issue happening at a new customer’s site.
> > > > > >
> > > > > > The VPN is established quite happily at their site and unencrypted 
> > > > > > traffic through that VPN works perfectly (HTTP requests).
> > > > > >
> > > > > > However, encrypted traffic does not (HTTPS and SSH). SSH 
> > > > > > connections get this far before appearing to hang:
> > > > > >
> > > > > > <snip>
> > > > > > debug1: Enabling compatibility mode for protocol 2.0
> > > > > > debug1: Local version string SSH-2.0-OpenSSH_6.6.1
> > > > > > debug1: Remote protocol version 2.0, remote software version 
> > > > > > OpenSSH_6.6.1
> > > > > > debug1: match: OpenSSH_6.6.1 pat OpenSSH_6.6.1* compat 0x04000000
> > > > > > debug2: fd 3 setting O_NONBLOCK
> > > > > > debug3: put_host_port: [10.10.1.1]:26513
> > > > > > debug1: SSH2_MSG_KEXINIT sent
> > > > > >
> > > > > > This eventually times out.
> > > > > >
> > > > > > We moved the server to a standard broadband connection and 
> > > > > > everything works, including HTTPS and SSH connections.
> > > > > >
> > > > > > Is it possible there’s something on the path from their connection 
> > > > > > that’s causing this? As far as I’m aware all traffic through the 
> > > > > > VPN will appear as random bytes to anything it passes through, so 
> > > > > > I’m at a loss to explain this.
> > > > > >
> > > > > > Any help would be greatly appreciated.
> > > > > >
> > > > > > Thanks.
> > > > > >
> > > > > > -Stuart
> > > > > >
> > > > > >
> > > > > > ------------------------------------------------------------------------------
> > > > > > Check out the vibrant tech community on one of the world's most
> > > > > > engaging tech sites, Slashdot.org! http://sdm.link/slashdot
> > > > > > _______________________________________________
> > > > > > Openvpn-users mailing list
> > > > > > Openvpn-users@lists.sourceforge.net
> > > > > > https://lists.sourceforge.net/lists/listinfo/openvpn-users
> > > > > >