I have a Rocky Linux 8 distro in my office as a LAMP with the ODBC and SQL drivers.
This machine is behind a SonicWall VPN making a tunnel to another SonicWall to connect to the SQL Server. This Linux box is an API and needs to be working all the time, but since it is in our office and there is a lot of construction we have electrical power outages very frequently.

I decided to move this API box to the cloud.

Here is where I have the problem.

In the cloud I am using a Rocky Linux 8 distro with libreswan to create the tunnel with the other SonicWall. I think the tunnel is working ok.

I have in the same network another Rocky Linux 8 box for the API with the same settings that I have in my office.

I am able to make queries, but it only works if the query is small.

If I run a query with a select of 11 fields it times out; it just does not work.

The same long query works ok in my office, but not in the cloud environment. If I remove a couple of select fields it works.

I tried setting the MTU on the tunnel to 1392 but it did not work. I believe the problem could be with the libreswan tunnel but I don't know what to do.

Here is the image of my setup

I hope it helps.

vimuth
  • Could you draw an image of your setup and put which communication paths are timing out and which aren't? It's hard to visualize with just text. – siggemannen Feb 23 '23 at 16:36
  • I added the image. I really think the problem has something to do with libreswan and its configuration. I don't understand why it will only work with a small query in columns selected. – joseggarza Feb 24 '23 at 21:28
  • Hmm, interesting setup. Btw, what do you mean by "not work"? Do you get an immediate error, or does it time out after a while, or something else? – siggemannen Feb 24 '23 at 21:34
  • Well, it just times out. I increased the PHP max execution time but it didn't work. And the long query is not really long in data; it returns in less than a second in my office, but running it behind the libreswan tunnel it times out unless I remove a few fields... – joseggarza Feb 26 '23 at 00:40

2 Answers

Just for the record, I used the following to fix the issue.

iptables -I FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1380

I found it on https://libreswan.org/wiki/FAQ#My_ssh_sessions_hang_or_connectivity_is_very_slow

It fixed the problem.

buddemat
After reading some articles about the different MTU of OCI instances and the MTU applied in the OCI VPN, my solution was to create routing rules within the instance limiting the MTU. This solved my problems with large queries.

Ex:

sudo ip route add 192.168.1.0/24 via 172.16.40.1 mtu 1200

About MTU: https://docs.oracle.com/pt-br/iaas/Content/Network/Troubleshoot/connectionhang.htm

Jeremy Caney
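
An added example, not part of either answer above: it computes the largest inner packet and TCP MSS that fit through an ESP tunnel-mode SA, which is the quantity the TCPMSS clamp and the per-route MTU both control. The ESP transforms in the table, the use of NAT traversal and the 1500-byte path MTU are assumptions; the page does not say what the tunnel negotiated.

```python
"""Added example: largest TCP MSS that survives ESP tunnel-mode encapsulation."""

# (IV bytes, pad-alignment bytes, ICV bytes) for some common ESP transforms.
# Assumption: the page does not state which transform the tunnel uses.
ESP_SUITES = {
    "aes-cbc + hmac-sha1-96":    (16, 16, 12),
    "aes-cbc + hmac-sha256-128": (16, 16, 16),
    "aes-gcm-16":                (8, 4, 16),
}

OUTER_IPV4 = 20    # outer IPv4 header added by tunnel mode
ESP_HEADER = 8     # SPI + sequence number
ESP_TRAILER = 2    # pad-length + next-header bytes, encrypted with the payload
NATT_UDP = 8       # UDP encapsulation header when NAT traversal is active
INNER_IP_TCP = 40  # inner IPv4 + TCP headers, without options


def max_inner_packet(path_mtu, suite, nat_t=False):
    """Largest inner IP packet whose ESP encapsulation fits in path_mtu."""
    iv, align, icv = ESP_SUITES[suite]
    room = path_mtu - OUTER_IPV4 - ESP_HEADER - iv - icv
    if nat_t:
        room -= NATT_UDP
    # Inner packet plus trailer is padded up to a multiple of `align`.
    return (room // align) * align - ESP_TRAILER


def max_mss(path_mtu, suite, nat_t=False):
    """Largest TCP MSS whose full-size segments pass without fragmentation."""
    return max_inner_packet(path_mtu, suite, nat_t) - INNER_IP_TCP


def mss_fits(mss, path_mtu, nat_t=True):
    """True if segments of this MSS fit under every suite in the table."""
    return all(mss <= max_mss(path_mtu, s, nat_t) for s in ESP_SUITES)


if __name__ == "__main__":
    for suite in ESP_SUITES:
        for nat_t in (False, True):
            print(f"{suite:28} nat_t={nat_t!s:5} "
                  f"inner={max_inner_packet(1500, suite, nat_t)} "
                  f"mss={max_mss(1500, suite, nat_t)}")
    # Default Ethernet MSS versus the clamp value used in the first answer.
    print("1460 fits:", mss_fits(1460, 1500))
    print("1380 fits:", mss_fits(1380, 1500))
```

Under these assumptions a default 1460-byte MSS produces full-size segments that cannot cross the tunnel, while short replies still fit, which matches the small-query-works, large-query-hangs symptom; 1380 stays under the limit for every suite in the table.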