Discussion:
[Vtun-Users] vTUN-Server does not close died connection
Michael Rack
2008-09-09 06:19:56 UTC
Hi List,

my name is Michael Rack and I'm new to this list. My vTUN-Server doesn't
detect a connection abort.

My DSL-Provider cuts the internet-connection every 24 hours to avoid
business-usage. After a cut, I can reauthenticate with the PPPoE-Server
but it gives me a new ip-address. vTUN-Client detects a connection abort
and reconnects to the server properly - but the vTUN-Server doesn't
detect a connection abort and leaves the tap-device still up and running.

My vTUN-Profile (server-side) bonds all tap-devices together for
round-robin multi-path. The activity for each port is detected via
mii-device-status.

In case of a connection-abort, two tap-devices will be created (server-side)
and attached to the bonding-channel. Now I get a very high packet-loss,
because every tap-device is in use for transmitting packets.

Why does vTUN not decide if a connection is up or down correctly?

default {
  compress no;
  speed 0;
  encrypt no;
  proto udp;
  type ether;
  keepalive yes;
  multi yes;
}

hausen-r01 {
  passwd xxxxx;
  up {
    ip "link set up %% multicast off mtu 1500";
    program "/sbin/ifenslave bond0 %%";
  };
}

Kind Regards,
Michael Rack
bishop
2008-09-10 05:21:57 UTC
Hi Michael,

The simplest change:

multi killold;

This will ensure the server removes the old device when a client
re-connects.

Your MTU is too high: 1450 for Broadband, 1442 for PPPoE. IP-in-IP
encapsulation adds 40 bytes or so for the added header, and PPPoE is
evil^H^H^H^H 8 more bytes.

Can you (privately) send me your bonding setup? It's interesting.

- bish
Michael Rack
2008-09-10 11:03:43 UTC
Hi bish, thank you for this tip.

Post by bishop
multi killold;

But my vTun-Client connects several times to the vTun-Server for load
balancing reasons (3 DSL Providers - 3 connections to vTun-Server).

I think I have to set the option "multi" to no and have to create more
profiles e.g. hausen-r01-x1, hausen-r01-x2, hausen-r01-x3 for every
connect from A -> B.

It's a pity that vtun-server does not observe connection-aborts
automatically :-(

Post by bishop
Can you (privately) send me your bonding setup? It's interesting.

Setup is totally easy. 1 Root-Server is located in a colocation-center
with high bandwidth up- and downstream-providers. At home there are three
DSL 6.000 kBit connections connected to one Linux-PC with three
vtun-clients running. All three tap-devices will be bonded to one
port-channel via linux-bonding.
Post by bishop
options bond0 mode=0 miimon=100 downdelay=500 updelay=900

hausen-r01 {
  passwd xxxxxxxx;
  up {
    ip "link set up %% multicast off mtu 1460";
    program "/sbin/ifenslave bond0 %%";
  };
}

hausen-r01 {
  passwd xxxxxxx;
  persist yes;
  srcaddr {
    iface eth1;
  };
  up {
    ip "link set up %% multicast off mtu 1460";
    program "/sbin/ifenslave bond0 %%";
  };
}

hausen-r01 {
  passwd xxxxxxx;
  persist yes;
  srcaddr {
    iface eth2;
  };
  up {
    ip "link set up %% multicast off mtu 1460";
    program "/sbin/ifenslave bond0 %%";
  };
}

.... and so on for every connection to my ISP.

Cheers,
Michael.