
I have an OpenVPN connection which was initially over UDP. After some time I started to have serious hiccups when running ssh inside that tunnel.

As seen from inside the tunnel, ssh packets were lost, there were Host Unreachable ICMP messages - all this translated into a connection which was hanging all the time (and then back to normal, to hang again after some time).

From the perspective of the carrier interface, I was seeing a constant flow of encrypted packets (DATA_V1 and DATA_V2). The OpenVPN server was stable (no disconnection / reconnection from the client).

I switched to TCP and all the problems are gone.

I now would like to understand which part of the connection is at fault.

Topologically speaking, the client and the server are ~10 hops away, with a RTT of 12 ms. The networks are presumably solid (the client, after leaving a solid corporate network, goes to Level3, peered with Orange, which itself brings FTTH).

Is there a reasonable way to check whether the UDP issues are close to any of the ends (corporate or home)?

Note: I understand that UDP is by nature a protocol which expects losses. Due to the "solidity" of the network, they however seem to be way too important.

WoJ
  • Do you have for testing purposes a possibility to communicate outside a VPN? (to make checks with netio or something similar?) – marsh-wiggle Nov 21 '18 at 17:05
  • @marsh-wiggle: yes, I could set something up. A basic setup with an `iperf3` server on the host serving OpenVPN and the client running over UDP did not show any datagram loss. – WoJ Nov 21 '18 at 21:16
  • Use `traceroute --mtu` to look for MTU issues between you and the server via the VPN. – Michael Hampton Nov 21 '18 at 21:42

0 Answers