What does this OpenVPN client level 11 verb output tell us about the SSH connection hangs/stalls we are experiencing?

Question

What does this OpenVPN client level 11 verb output tell us about the SSH connection hangs/stalls we are experiencing?

Overview

After setting up OpenVPN, we are able to connect over SSH (e.g. to 10.8.0.9), but the SSH connection hangs/stalls, usually after about 2-minutes. The SSH connection is from Ubuntu 18 on WSL to Ubuntu 18 on Digital Ocean.

What have we tried?

We have done the following on the server and all the clients.

Since many suggest this is an MTU problem, we adjusted fragment and mssfix down to 1200.
We used ping, traceroute, and tracepath to check the MTU between hosts; the MTU comes in at around 1500.
We set the tun0 MTU at 1400 with sudo ip link set dev tun0 mtu 1400.
We disabled window scaling with sysctl -w net.ipv4.tcp_window_scaling=0.
To rule out Firewall causes, we have (temporarily) disabled the Firewall.

None of this is resolving the stalls/hangs. With all of the above changes, we can still connect over SSH, but within minutes, the SSH connection hangs/stalls.

Question

We have set our local VPN client's verb to 11. This is the output when the VPN is actively stalling/hanging. What hints, if any, does that output give us about what is causing the hang?

us=52848 UDP write returned 112
us=52924 PO_CTL rwflags=0x0001 ev=5 arg=0x55f0cef4c168
us=53000 PO_CTL rwflags=0x0001 ev=6 arg=0x55f0cef4c068
us=53032 I/O WAIT TR|Tw|SR|Sw [4/92829]
us=91180 PO_WAIT[1,0] fd=6 rev=0x00000001 rwflags=0x0001 arg=0x55f0cef4c068
us=91300  event_wait returned 1
us=91313 I/O WAIT status=0x0004
us=91325  read from TUN/TAP returned 84
us=91377 TUN READ [84]
us=91414 FRAG_OUT len=84 type=0 seq_id=0 frag_id=0 frag_size=0 flags=0x00000000
us=91427 TLS: tls_pre_encrypt: key_id=0
us=91471 tls_prepend_opcode_v2
us=91503 ENCRYPT IV: 000001ca c1f70e33 9b725bd5
us=91611 ENCRYPT FROM: 00000000 45000054 e8fe4000 40013d85 0a080005 0a080011 080071f2 0c2d000[more...]
us=91677 ENCRYPT AD: 48000008 000001ca
us=91787 ENCRYPT TO: 48000008 000001ca fda00e43 93938a26 d2f6b551 a96d0ced 95ce1caf cb4b087[more...]
us=91899 PO_CTL rwflags=0x0003 ev=5 arg=0x55f0cef4c168
us=91999 PO_CTL rwflags=0x0000 ev=6 arg=0x55f0cef4c068
us=92101 I/O WAIT Tr|Tw|SR|SW [3/92829]
us=92197 PO_WAIT[0,0] fd=5 rev=0x00000004 rwflags=0x0002 arg=0x55f0cef4c168
us=92287  event_wait returned 1
us=92358 I/O WAIT status=0x0002
us=92525 UDP WRITE [112] to [AF_INET]xxx.xxx.xxx.xxx:1194: P_DATA_V2 kid=0 DATA 00000800 0001cafd a00e4393 938a26d2 f6b551a9 6d0ced95 ce1cafcb 4b0874b[more...]

The hang usually lasts for upwards of five minutes, during which time ping no longer returns results and SSH is frozen. Once the hang resolves itself, both the ping and the SSH connection start working too.

ssh

openvpn

asked on Server Fault Apr 5, 2020 by

Shaun Luttin • edited Apr 5, 2020 by

Shaun Luttin

0 Answers

Nobody has answered this question yet.

User contributions licensed under CC BY-SA 3.0