Hello!
I have an OpenVPN server (Ubuntu 11.04 amd64) and a client (Debian squeeze amd64). The link connects and works, but there is one small catch. If I connect from the server to the client over ssh, then on entering a command that produces any sizable amount of console output, that output is transmitted only partially, after which ssh hangs and terminates after roughly an hour of waiting. For example:
wormball@wormball-desktop:~$ ssh 192.168.137.6
wormball@192.168.137.6's password:
Linux debian 3.2.0-0.bpo.2-amd64 #1 SMP Sun Jun 3 21:40:57 UTC 2012 x86_64
The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
You have new mail.
Last login: Sun Jun 17 01:06:04 2012 from 192.168.137.1
wormball@debian:~$ ls
~ addr.txt cam3.jpg camera cam.jpg daemon rsynclog.txt scripts shit video yes.txt Видео Документы Загрузки Изображения Музыка Общедоступные Рабочий стол Шаблоны
wormball@debian:~$ cd video/
wormball@debian:~/video$ cd cam3/
wormball@debian:~/video/cam3$ ls
01-20120616113000-snapshot.jpg 17-20120616145000-snapshot.jpg 266-20120614071000-snapshot.jpg 322-20120614175000-snapshot.jpg 361-20120615043000-snapshot.jpg 417-20120615151000-snapshot.jpg 457-20120616015000-snapshot.jpg
01-20120616125000-snapshot.jpg 17-20120616150000-snapshot.jpg 267-20120614072000-snapshot.jpg 322-20120614180000-snapshot.jpg 361-20120615044000-snapshot.jpg 419-20120615152000-snapshot.jpg 457-20120616020000-snapshot.jpg
01-20120616130000-snapshot.jpg 17-20120616151000-snapshot.jpg 269-20120614073000-snapshot.jpg 326-20120614181000-snapshot.jpg 361-20120615045000-snapshot.jpg 421-20120615153000-snapshot.jpg 457-20120616021000-snapshot.jpg
Write failed: Broken pipe
However, if I connect to it over ssh again without waiting for the first session to end, that succeeds and works until the first command with massive output.
Moreover, if I connect to that server over http (it streams live video as MJPEG), I see the same behaviour: only a small part of the data is transmitted, and then silence follows. From this I conclude that the culprit is not ssh but OpenVPN. Apparently, at some stage it does not let large packets through.
Server config:
wormball@wormball-desktop:~$ cat /etc/openvpn/server.conf | grep -v -x "#.*"
;local a.b.c.d
management localhost 1194
port 1194
;proto tcp
proto udp
;dev tap
dev tun0
;dev-node MyTap
ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/server.crt
key /etc/openvpn/easy-rsa/keys/server.key # This file should be kept secret
dh /etc/openvpn/easy-rsa/keys/dh1024.pem
server 192.168.137.0 255.255.255.0
ifconfig-pool-persist ipp.txt
;server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100
push "route 192.168.137.0 255.255.255.0"
push "route 192.168.1.0 255.255.255.0"
;client-config-dir ccd
;route 10.9.0.0 255.255.255.252
;learn-address ./script
;push "redirect-gateway"
;push "dhcp-option DNS 10.8.0.1"
;push "dhcp-option WINS 10.8.0.1"
;client-to-client
;duplicate-cn
keepalive 10 120
;tls-auth ta.key 0 # This file is secret
;cipher BF-CBC # Blowfish (default)
;cipher AES-128-CBC # AES
;cipher DES-EDE3-CBC # Triple-DES
comp-lzo
;max-clients 100
;user nobody
;group nogroup
persist-key
persist-tun
status openvpn-status.log
;log openvpn.log
;log-append openvpn.log
verb 3
;mute 20
Client config:
remote alife-ru.org 1194
client
dev tun
proto udp
resolv-retry infinite # this is necessary for DynDNS
nobind
user nobody
group nogroup
persist-key
persist-tun
ca /etc/openvpn/ca.crt
cert /etc/openvpn/mason.crt
key /etc/openvpn/mason.key
comp-lzo
verb 4
mute 20
Nothing interesting in the logs:
wormball@wormball-desktop:~$ sudo cat /var/log/syslog | grep vpn
Jun 19 10:01:47 wormball-desktop ovpn-server[11260]: MULTI: multi_create_instance called
Jun 19 10:01:47 wormball-desktop ovpn-server[11260]: 178.176.233.238:61030 Re-using SSL/TLS context
Jun 19 10:01:47 wormball-desktop ovpn-server[11260]: 178.176.233.238:61030 LZO compression initialized
Jun 19 10:01:47 wormball-desktop ovpn-server[11260]: 178.176.233.238:61030 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Jun 19 10:01:47 wormball-desktop ovpn-server[11260]: 178.176.233.238:61030 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Jun 19 10:01:47 wormball-desktop ovpn-server[11260]: 178.176.233.238:61030 Local Options hash (VER=V4): '530fdded'
Jun 19 10:01:47 wormball-desktop ovpn-server[11260]: 178.176.233.238:61030 Expected Remote Options hash (VER=V4): '41690919'
Jun 19 10:01:47 wormball-desktop ovpn-server[11260]: 178.176.233.238:61030 TLS: Initial packet from [AF_INET]178.176.233.238:61030, sid=e344247a 8ec3c63b
Jun 19 10:01:55 wormball-desktop ovpn-server[11260]: 178.176.233.238:61030 VERIFY OK: depth=1, /C=RU/ST=RU/L=moscow/O=Firends/CN=Firends_CA/emailAddress=enzyme@nm.ru
Jun 19 10:01:55 wormball-desktop ovpn-server[11260]: 178.176.233.238:61030 VERIFY OK: depth=0, /C=RU/ST=RU/L=moscow/O=Firends/CN=mason/emailAddress=enzyme@nm.ru
Jun 19 10:01:59 wormball-desktop ovpn-server[11260]: 178.176.233.238:61030 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Jun 19 10:01:59 wormball-desktop ovpn-server[11260]: 178.176.233.238:61030 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Jun 19 10:01:59 wormball-desktop ovpn-server[11260]: 178.176.233.238:61030 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Jun 19 10:01:59 wormball-desktop ovpn-server[11260]: 178.176.233.238:61030 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Jun 19 10:02:01 wormball-desktop ovpn-server[11260]: 178.176.233.238:61030 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Jun 19 10:02:01 wormball-desktop ovpn-server[11260]: 178.176.233.238:61030 [mason] Peer Connection Initiated with [AF_INET]178.176.233.238:61030
Jun 19 10:02:01 wormball-desktop ovpn-server[11260]: 178.176.233.238:61030 PUSH: Received control message: 'PUSH_REQUEST'
Jun 19 10:02:01 wormball-desktop ovpn-server[11260]: mason/178.176.233.238:61030 MULTI: Learn: 192.168.137.6 -> mason/178.176.233.238:61030
Jun 19 10:02:01 wormball-desktop ovpn-server[11260]: mason/178.176.233.238:61030 MULTI: primary virtual IP for mason/178.176.233.238:61030: 192.168.137.6
Jun 19 10:02:06 wormball-desktop ovpn-server[11260]: mason/178.176.233.238:61030 PUSH: Received control message: 'PUSH_REQUEST'
Jun 19 10:02:06 wormball-desktop ovpn-server[11260]: mason/178.176.233.238:61030 SENT CONTROL [mason]: 'PUSH_REPLY,route 192.168.137.0 255.255.255.0,route 192.168.1.0 255.255.255.0,route 192.168.137.1,topology net30,ping 10,ping-restart 120,ifconfig 192.168.137.6 192.168.137.5' (status=1)
Jun 19 11:02:18 wormball-desktop ovpn-server[11260]: mason/178.176.233.238:61030 VERIFY OK: depth=1, /C=RU/ST=RU/L=moscow/O=Firends/CN=Firends_CA/emailAddress=enzyme@nm.ru
Jun 19 11:02:18 wormball-desktop ovpn-server[11260]: mason/178.176.233.238:61030 VERIFY OK: depth=0, /C=RU/ST=RU/L=moscow/O=Firends/CN=mason/emailAddress=enzyme@nm.ru
Jun 19 11:02:29 wormball-desktop ovpn-server[11260]: mason/178.176.233.238:61030 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Jun 19 11:02:29 wormball-desktop ovpn-server[11260]: mason/178.176.233.238:61030 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Jun 19 11:02:29 wormball-desktop ovpn-server[11260]: mason/178.176.233.238:61030 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Jun 19 11:02:29 wormball-desktop ovpn-server[11260]: mason/178.176.233.238:61030 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Jun 19 11:02:33 wormball-desktop ovpn-server[11260]: mason/178.176.233.238:61030 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Jun 19 12:01:59 wormball-desktop ovpn-server[11260]: mason/178.176.233.238:61030 TLS: tls_process: killed expiring key
Jun 19 12:02:45 wormball-desktop ovpn-server[11260]: mason/178.176.233.238:61030 VERIFY OK: depth=1, /C=RU/ST=RU/L=moscow/O=Firends/CN=Firends_CA/emailAddress=enzyme@nm.ru
Jun 19 12:02:45 wormball-desktop ovpn-server[11260]: mason/178.176.233.238:61030 VERIFY OK: depth=0, /C=RU/ST=RU/L=moscow/O=Firends/CN=mason/emailAddress=enzyme@nm.ru
Jun 19 12:02:49 wormball-desktop ovpn-server[11260]: mason/178.176.233.238:61030 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Jun 19 12:02:49 wormball-desktop ovpn-server[11260]: mason/178.176.233.238:61030 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Jun 19 12:02:49 wormball-desktop ovpn-server[11260]: mason/178.176.233.238:61030 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Jun 19 12:02:49 wormball-desktop ovpn-server[11260]: mason/178.176.233.238:61030 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Jun 19 12:02:49 wormball-desktop ovpn-server[11260]: mason/178.176.233.238:61030 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Jun 19 13:02:29 wormball-desktop ovpn-server[11260]: mason/178.176.233.238:61030 TLS: tls_process: killed expiring key
Jun 19 13:02:50 wormball-desktop ovpn-server[11260]: mason/178.176.233.238:61030 TLS: soft reset sec=-1 bytes=138631/0 pkts=1570/0
Jun 19 13:03:13 wormball-desktop ovpn-server[11260]: mason/178.176.233.238:61030 VERIFY OK: depth=1, /C=RU/ST=RU/L=moscow/O=Firends/CN=Firends_CA/emailAddress=enzyme@nm.ru
Jun 19 13:03:13 wormball-desktop ovpn-server[11260]: mason/178.176.233.238:61030 VERIFY OK: depth=0, /C=RU/ST=RU/L=moscow/O=Firends/CN=mason/emailAddress=enzyme@nm.ru
Jun 19 13:03:28 wormball-desktop ovpn-server[11260]: mason/178.176.233.238:61030 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Jun 19 13:03:28 wormball-desktop ovpn-server[11260]: mason/178.176.233.238:61030 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Jun 19 13:03:28 wormball-desktop ovpn-server[11260]: mason/178.176.233.238:61030 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Jun 19 13:03:28 wormball-desktop ovpn-server[11260]: mason/178.176.233.238:61030 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Jun 19 13:03:28 wormball-desktop ovpn-server[11260]: mason/178.176.233.238:61030 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Jun 19 14:02:50 wormball-desktop ovpn-server[11260]: mason/178.176.233.238:61030 TLS: tls_process: killed expiring key
Jun 19 14:03:28 wormball-desktop ovpn-server[11260]: mason/178.176.233.238:61030 TLS: soft reset sec=0 bytes=64386/0 pkts=819/0
Jun 19 14:03:40 wormball-desktop ovpn-server[11260]: mason/178.176.233.238:61030 VERIFY OK: depth=1, /C=RU/ST=RU/L=moscow/O=Firends/CN=Firends_CA/emailAddress=enzyme@nm.ru
Jun 19 14:03:40 wormball-desktop ovpn-server[11260]: mason/178.176.233.238:61030 VERIFY OK: depth=0, /C=RU/ST=RU/L=moscow/O=Firends/CN=mason/emailAddress=enzyme@nm.ru
Jun 19 14:03:44 wormball-desktop ovpn-server[11260]: mason/178.176.233.238:61030 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Jun 19 14:03:44 wormball-desktop ovpn-server[11260]: mason/178.176.233.238:61030 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Jun 19 14:03:44 wormball-desktop ovpn-server[11260]: mason/178.176.233.238:61030 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Jun 19 14:03:44 wormball-desktop ovpn-server[11260]: mason/178.176.233.238:61030 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Jun 19 14:03:46 wormball-desktop ovpn-server[11260]: mason/178.176.233.238:61030 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Jun 19 15:03:28 wormball-desktop ovpn-server[11260]: mason/178.176.233.238:61030 TLS: tls_process: killed expiring key
Jun 19 15:04:03 wormball-desktop ovpn-server[11260]: mason/178.176.233.238:61030 VERIFY OK: depth=1, /C=RU/ST=RU/L=moscow/O=Firends/CN=Firends_CA/emailAddress=enzyme@nm.ru
Jun 19 15:04:03 wormball-desktop ovpn-server[11260]: mason/178.176.233.238:61030 VERIFY OK: depth=0, /C=RU/ST=RU/L=moscow/O=Firends/CN=mason/emailAddress=enzyme@nm.ru
Jun 19 15:04:09 wormball-desktop ovpn-server[11260]: mason/178.176.233.238:61030 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Jun 19 15:04:09 wormball-desktop ovpn-server[11260]: mason/178.176.233.238:61030 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Jun 19 15:04:09 wormball-desktop ovpn-server[11260]: mason/178.176.233.238:61030 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Jun 19 15:04:09 wormball-desktop ovpn-server[11260]: mason/178.176.233.238:61030 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Jun 19 15:04:12 wormball-desktop ovpn-server[11260]: mason/178.176.233.238:61030 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Jun 19 16:03:46 wormball-desktop ovpn-server[11260]: mason/178.176.233.238:61030 TLS: tls_process: killed expiring key
Jun 19 16:04:12 wormball-desktop ovpn-server[11260]: mason/178.176.233.238:61030 VERIFY OK: depth=1, /C=RU/ST=RU/L=moscow/O=Firends/CN=Firends_CA/emailAddress=enzyme@nm.ru
Jun 19 16:04:12 wormball-desktop ovpn-server[11260]: mason/178.176.233.238:61030 VERIFY OK: depth=0, /C=RU/ST=RU/L=moscow/O=Firends/CN=mason/emailAddress=enzyme@nm.ru
Jun 19 16:04:21 wormball-desktop ovpn-server[11260]: mason/178.176.233.238:61030 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Jun 19 16:04:21 wormball-desktop ovpn-server[11260]: mason/178.176.233.238:61030 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Jun 19 16:04:21 wormball-desktop ovpn-server[11260]: mason/178.176.233.238:61030 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Jun 19 16:04:21 wormball-desktop ovpn-server[11260]: mason/178.176.233.238:61030 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Jun 19 16:04:21 wormball-desktop ovpn-server[11260]: mason/178.176.233.238:61030 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Jun 19 17:04:09 wormball-desktop ovpn-server[11260]: mason/178.176.233.238:61030 TLS: tls_process: killed expiring key
Jun 19 17:04:21 wormball-desktop ovpn-server[11260]: mason/178.176.233.238:61030 TLS: soft reset sec=0 bytes=53665/0 pkts=761/0
Jun 19 17:04:22 wormball-desktop ovpn-server[11260]: mason/178.176.233.238:61030 VERIFY OK: depth=1, /C=RU/ST=RU/L=moscow/O=Firends/CN=Firends_CA/emailAddress=enzyme@nm.ru
Jun 19 17:04:22 wormball-desktop ovpn-server[11260]: mason/178.176.233.238:61030 VERIFY OK: depth=0, /C=RU/ST=RU/L=moscow/O=Firends/CN=mason/emailAddress=enzyme@nm.ru
Jun 19 17:04:22 wormball-desktop ovpn-server[11260]: mason/178.176.233.238:61030 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Jun 19 17:04:22 wormball-desktop ovpn-server[11260]: mason/178.176.233.238:61030 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Jun 19 17:04:22 wormball-desktop ovpn-server[11260]: mason/178.176.233.238:61030 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Jun 19 17:04:22 wormball-desktop ovpn-server[11260]: mason/178.176.233.238:61030 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Jun 19 17:04:22 wormball-desktop ovpn-server[11260]: mason/178.176.233.238:61030 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Who is to blame and what is to be done?
Thanks in advance.
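One way to test the post's hypothesis that large packets are lost inside the tunnel, as an added example that is not part of the original post: a binary search for the largest ICMP payload that reaches the client's VPN address with Don't Fragment set. The function names, the `--run` switch and the replaceable probe hook are assumptions made for this sketch; the default probe relies on Linux iputils `ping`.

```shell
#!/bin/sh
# Added example (not from the original post): locate the size at which packets
# stop crossing the tunnel. PEER defaults to the client's VPN address shown in
# the post; the probe argument is a hypothetical hook so the search can be
# exercised without a network.
PEER="${PEER:-192.168.137.6}"

# Default probe: one echo request of payload size $1 with Don't Fragment set.
probe_ping() {
    ping -M do -c 1 -W 2 -s "$1" "$PEER" >/dev/null 2>&1
}

# find_max_payload LO HI [PROBE]
# Prints the largest size in [LO, HI] for which PROBE succeeds, or 0 if even
# LO fails. Assumes that if size N passes, every smaller size passes too.
find_max_payload() {
    lo=$1; hi=$2; probe=${3:-probe_ping}
    "$probe" "$lo" || { echo 0; return 0; }
    while [ "$lo" -lt "$hi" ]; do
        mid=$(( (lo + hi + 1) / 2 ))   # round up so the loop always progresses
        if "$probe" "$mid"; then
            lo=$mid
        else
            hi=$(( mid - 1 ))
        fi
    done
    echo "$lo"
}

# ICMP payload + 8-byte ICMP header + 20-byte IPv4 header = IP packet size.
payload_to_mtu() {
    echo $(( $1 + 28 ))
}

# Live run only when asked for explicitly: sh probe.sh --run
if [ "${1:-}" = "--run" ]; then
    max=$(find_max_payload 0 1472)
    echo "largest passing payload: $max (IP packet size $(payload_to_mtu "$max"))"
fi
```

A payload of 1472 corresponds to a full 1500-byte IP packet; a result well below that means larger packets are being dropped somewhere between the two tunnel endpoints, which matches the stalls on bulk output described above.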