I have set up an OpenVPN server in routed mode. When I try to connect to my VPN server over SSH, it hangs at:
ssh -i .ssh/mpolitaev_mba [email protected] -vvv
OpenSSH_7.4p1, LibreSSL 2.5.0
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 20: Applying options for *
debug1: /etc/ssh/ssh_config line 97: Deprecated option "useroaming"
debug1: /etc/ssh/ssh_config line 105: Applying options for *
debug2: resolving "192.168.200.1" port 22
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to 192.168.200.1 [192.168.200.1] port 22.
debug1: Connection established.
debug1: identity file .ssh/mpolitaev_mba type 1
debug1: key_load_public: No such file or directory
debug1: identity file .ssh/mpolitaev_mba-cert type -1
debug1: identity file /Users/mpolitaev/.ssh/aws_prod type 2
debug1: key_load_public: No such file or directory
debug1: identity file /Users/mpolitaev/.ssh/aws_prod-cert type -1
debug1: identity file /Users/mpolitaev/.ssh/aws_dev type 1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/mpolitaev/.ssh/aws_dev-cert type -1
debug1: identity file /Users/mpolitaev/.ssh/rackspace type 1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/mpolitaev/.ssh/rackspace-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.4
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
debug1: match: OpenSSH_5.3 pat OpenSSH_5* compat 0x0c000000
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to 192.168.200.1:22 as 'mpolitaev'
debug3: hostkeys_foreach: reading file "/dev/null"
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
Connection to 192.168.200.1 port 22 timed out
My guess is that packets from the VPN server are broken, judging by the tcpdump log on my local laptop:
13:55:01.147863 IP (tos 0x0, ttl 64, id 27443, offset 0, flags [DF], proto TCP (6), length 64) 10.54.108.6.54922 > 192.168.200.1.22: Flags [S], cksum 0xf9bb (correct), seq 3468332659, win 65535, options [mss 1460,nop,wscale 5,nop,nop,TS val 901043415 ecr 0,sackOK,eol], length 0
13:55:01.206537 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 60) 192.168.200.1.22 > 10.54.108.6.54922: Flags [S.], cksum 0x167a (correct), seq 1112662382, ack 3468332660, win 14480, options [mss 1288,sackOK,TS val 174689830 ecr 901043415,nop,wscale 7], length 0
13:55:01.206616 IP (tos 0x0, ttl 64, id 2145, offset 0, flags [DF], proto TCP (6), length 52) 10.54.108.6.54922 > 192.168.200.1.22: Flags [.], cksum 0x6ce5 (correct), seq 1, ack 1, win 4107, options [nop,nop,TS val 901043473 ecr 174689830], length 0
13:55:01.211397 IP (tos 0x0, ttl 64, id 27582, offset 0, flags [DF], proto TCP (6), length 73) 10.54.108.6.54922 > 192.168.200.1.22: Flags [P.], cksum 0xa91b (correct), seq 1:22, ack 1, win 4107, options [nop,nop,TS val 901043477 ecr 174689830], length 21
13:55:01.269790 IP (tos 0x0, ttl 64, id 28464, offset 0, flags [DF], proto TCP (6), length 52) 192.168.200.1.22 > 10.54.108.6.54922: Flags [.], cksum 0x7c27 (correct), seq 1, ack 22, win 114, options [nop,nop,TS val 174689892 ecr 901043477], length 0
13:55:01.370906 IP (tos 0x0, ttl 64, id 28465, offset 0, flags [DF], proto TCP (6), length 73) 192.168.200.1.22 > 10.54.108.6.54922: Flags [P.], cksum 0xbafe (correct), seq 1:22, ack 22, win 114, options [nop,nop,TS val 174689991 ecr 901043477], length 21
13:55:01.370968 IP (tos 0x0, ttl 64, id 25885, offset 0, flags [DF], proto TCP (6), length 52) 10.54.108.6.54922 > 192.168.200.1.22: Flags [.], cksum 0x6b7a (correct), seq 22, ack 22, win 4106, options [nop,nop,TS val 901043634 ecr 174689991], length 0
13:55:01.371771 IP (tos 0x0, ttl 64, id 52837, offset 0, flags [DF], proto TCP (6), length 1328) 10.54.108.6.54922 > 192.168.200.1.22: Flags [.], cksum 0xb35c (correct), seq 22:1298, ack 22, win 4106, options [nop,nop,TS val 901043634 ecr 174689991], length 1276
13:55:01.371850 IP (tos 0x0, ttl 64, id 51514, offset 0, flags [DF], proto TCP (6), length 208) 10.54.108.6.54922 > 192.168.200.1.22: Flags [P.], cksum 0x9a41 (correct), seq 1298:1454, ack 22, win 4106, options [nop,nop,TS val 901043634 ecr 174689991], length 156
13:55:01.427768 IP5
13:55:01.442396 IP (tos 0x0, ttl 64, id 28467, offset 0, flags [DF], proto TCP (6), length 52) 192.168.200.1.22 > 10.54.108.6.54922: Flags [.], cksum 0x7278 (correct), seq 862, ack 1298, win 136, options [nop,nop,TS val 174690055 ecr 901043634], length 0
13:55:01.442563 IP (tos 0x0, ttl 64, id 28468, offset 0, flags [DF], proto TCP (6), length 52) 192.168.200.1.22 > 10.54.108.6.54922: Flags [.], cksum 0x71c8 (correct), seq 862, ack 1454, win 156, options [nop,nop,TS val 174690055 ecr 901043634], length 0
13:55:01.686620 IP5
13:55:02.198083 IP5
13:55:03.226019 IP5
13:55:05.284218 IP5
13:55:09.644658 IP5
13:55:17.633380 IP5
13:55:34.225695 IP5
13:56:06.963920 IP5
13:57:01.368988 IP (tos 0x0, ttl 64, id 28477, offset 0, flags [DF], proto TCP (6), length 52) 192.168.200.1.22 > 10.54.108.6.54922: Flags [F.], cksum 0x9d44 (correct), seq 862, ack 1454, win 156, options [nop,nop,TS val 174809992 ecr 901043634], length 0
13:57:01.369106 IP (tos 0x0, ttl 64, id 4567, offset 0, flags [DF], proto TCP (6), length 64) 10.54.108.6.54922 > 192.168.200.1.22: Flags [.], cksum 0x0e83 (correct), seq 1454, ack 22, win 4106, options [nop,nop,TS val 901163195 ecr 174689991,nop,nop,sack 1 {862:863}], length 0
What is "IP5"?
From the server side:
tcpdump -i tun1 -nn -vv
tcpdump: listening on tun1, link-type RAW (Raw IP), capture size 65535 bytes
13:55:01.226101 IP (tos 0x0, ttl 64, id 27443, offset 0, flags [DF], proto TCP (6), length 64) 10.54.108.6.54922 > 192.168.200.1.22: Flags [S], cksum 0xfa67 (correct), seq 3468332659, win 65535, options [mss 1288,nop,wscale 5,nop,nop,TS val 901043415 ecr 0,sackOK,eol], length 0
13:55:01.226120 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 60) 192.168.200.1.22 > 10.54.108.6.54922: Flags [S.], cksum 0x15ce (correct), seq 1112662382, ack 3468332660, win 14480, options [mss 1460,sackOK,TS val 174689830 ecr 901043415,nop,wscale 7], length 0
13:55:01.282564 IP (tos 0x0, ttl 64, id 2145, offset 0, flags [DF], proto TCP (6), length 52) 10.54.108.6.54922 > 192.168.200.1.22: Flags [.], cksum 0x6ce5 (correct), seq 1, ack 1, win 4107, options [nop,nop,TS val 901043473 ecr 174689830], length 0
13:55:01.287821 IP (tos 0x0, ttl 64, id 27582, offset 0, flags [DF], proto TCP (6), length 73) 10.54.108.6.54922 > 192.168.200.1.22: Flags [P.], cksum 0xa91b (correct), seq 1:22, ack 1, win 4107, options [nop,nop,TS val 901043477 ecr 174689830], length 21
13:55:01.287829 IP (tos 0x0, ttl 64, id 28464, offset 0, flags [DF], proto TCP (6), length 52) 192.168.200.1.22 > 10.54.108.6.54922: Flags [.], cksum 0x7c27 (correct), seq 1, ack 22, win 114, options [nop,nop,TS val 174689892 ecr 901043477], length 0
13:55:01.387274 IP (tos 0x0, ttl 64, id 28465, offset 0, flags [DF], proto TCP (6), length 73) 192.168.200.1.22 > 10.54.108.6.54922: Flags [P.], cksum 0xbafe (correct), seq 1:22, ack 22, win 114, options [nop,nop,TS val 174689991 ecr 901043477], length 21
13:55:01.446675 IP (tos 0x0, ttl 64, id 25885, offset 0, flags [DF], proto TCP (6), length 52) 10.54.108.6.54922 > 192.168.200.1.22: Flags [.], cksum 0x6b7a (correct), seq 22, ack 22, win 4106, options [nop,nop,TS val 901043634 ecr 174689991], length 0
13:55:01.446684 IP (tos 0x0, ttl 64, id 28466, offset 0, flags [DF], proto TCP (6), length 892) 192.168.200.1.22 > 10.54.108.6.54922: Flags [P.], cksum 0x76dc (correct), seq 22:862, ack 22, win 114, options [nop,nop,TS val 174690051 ecr 901043634], length 840
13:55:01.450341 IP (tos 0x0, ttl 64, id 52837, offset 0, flags [DF], proto TCP (6), length 1328) 10.54.108.6.54922 > 192.168.200.1.22: Flags [.], cksum 0xb35c (correct), seq 22:1298, ack 22, win 4106, options [nop,nop,TS val 901043634 ecr 174689991], length 1276
13:55:01.450348 IP (tos 0x0, ttl 64, id 28467, offset 0, flags [DF], proto TCP (6), length 52) 192.168.200.1.22 > 10.54.108.6.54922: Flags [.], cksum 0x7278 (correct), seq 862, ack 1298, win 136, options [nop,nop,TS val 174690055 ecr 901043634], length 0
13:55:01.450356 IP (tos 0x0, ttl 64, id 51514, offset 0, flags [DF], proto TCP (6), length 208) 10.54.108.6.54922 > 192.168.200.1.22: Flags [P.], cksum 0x9a41 (correct), seq 1298:1454, ack 22, win 4106, options [nop,nop,TS val 901043634 ecr 174689991], length 156
13:55:01.450359 IP (tos 0x0, ttl 64, id 28468, offset 0, flags [DF], proto TCP (6), length 52) 192.168.200.1.22 > 10.54.108.6.54922: Flags [.], cksum 0x71c8 (correct), seq 862, ack 1454, win 156, options [nop,nop,TS val 174690055 ecr 901043634], length 0
13:55:01.703311 IP (tos 0x0, ttl 64, id 28469, offset 0, flags [DF], proto TCP (6), length 892) 192.168.200.1.22 > 10.54.108.6.54922: Flags [P.], cksum 0x7019 (correct), seq 22:862, ack 1454, win 156, options [nop,nop,TS val 174690308 ecr 901043634], length 840
13:55:02.217306 IP (tos 0x0, ttl 64, id 28470, offset 0, flags [DF], proto TCP (6), length 892) 192.168.200.1.22 > 10.54.108.6.54922: Flags [P.], cksum 0x6e17 (correct), seq 22:862, ack 1454, win 156, options [nop,nop,TS val 174690822 ecr 901043634], length 840
13:55:03.245283 IP (tos 0x0, ttl 64, id 28471, offset 0, flags [DF], proto TCP (6), length 892) 192.168.200.1.22 > 10.54.108.6.54922: Flags [P.], cksum 0x6a13 (correct), seq 22:862, ack 1454, win 156, options [nop,nop,TS val 174691850 ecr 901043634], length 840
13:55:05.301311 IP (tos 0x0, ttl 64, id 28472, offset 0, flags [DF], proto TCP (6), length 892) 192.168.200.1.22 > 10.54.108.6.54922: Flags [P.], cksum 0x620b (correct), seq 22:862, ack 1454, win 156, options [nop,nop,TS val 174693906 ecr 901043634], length 840
13:55:09.413283 IP (tos 0x0, ttl 64, id 28473, offset 0, flags [DF], proto TCP (6), length 892) 192.168.200.1.22 > 10.54.108.6.54922: Flags [P.], cksum 0x51fb (correct), seq 22:862, ack 1454, win 156, options [nop,nop,TS val 174698018 ecr 901043634], length 840
13:55:17.637285 IP (tos 0x0, ttl 64, id 28474, offset 0, flags [DF], proto TCP (6), length 892) 192.168.200.1.22 > 10.54.108.6.54922: Flags [P.], cksum 0x31db (correct), seq 22:862, ack 1454, win 156, options [nop,nop,TS val 174706242 ecr 901043634], length 840
13:55:34.085309 IP (tos 0x0, ttl 64, id 28475, offset 0, flags [DF], proto TCP (6), length 892) 192.168.200.1.22 > 10.54.108.6.54922: Flags [P.], cksum 0xf19a (correct), seq 22:862, ack 1454, win 156, options [nop,nop,TS val 174722690 ecr 901043634], length 840
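Ping to 192.168.200.1 works fine. I thought large packets could not pass through the VPN tunnel, but I see the large (1276) packets on my local PC from the VPN server, while the smaller (892) packets do not reach my laptop.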
Where should I look to solve the problem?
The cause was the new-generation compression. I disabled it and SSH login works fine.
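The side-by-side comparison of the two captures can be automated. The following is an added example, not part of the original post: it parses `tcpdump -nn -vv` output from both ends of the tunnel and lists the packets one end sent that the other never decoded, matching on source, destination and IP id. The function names are hypothetical; the sample records are copied (abridged) from the two captures in the question, and records that are not a full IPv4/TCP line, such as the `IP5` entries, are skipped.

```python
import re

# One record of `tcpdump -nn -vv` output, one packet per line.
REC = re.compile(
    r"id (?P<ipid>\d+),.*?proto TCP \(6\), length (?P<iplen>\d+)\) "
    r"(?P<src>\S+) > (?P<dst>\S+): Flags \[(?P<flags>[^\]]+)\]"
    r".*?, length (?P<paylen>\d+)$"
)

def parse(capture):
    """Return {(src, dst, ip_id): (flags, ip_len, payload_len)}."""
    packets = {}
    for line in capture.strip().splitlines():
        m = REC.search(line.strip())
        if m:  # anything that is not a full IPv4/TCP record is skipped
            key = (m["src"], m["dst"], int(m["ipid"]))
            packets[key] = (m["flags"], int(m["iplen"]), int(m["paylen"]))
    return packets

def lost_in_tunnel(sender_side, receiver_side, sender_ip):
    """(ip_id, payload_len) of packets sent by sender_ip that are in the
    sender-side capture but absent from the receiver-side capture."""
    seen = parse(receiver_side)
    return sorted(
        (key[2], info[2])
        for key, info in parse(sender_side).items()
        if key[0].rsplit(".", 1)[0] == sender_ip and key not in seen
    )

# Abridged records from the server-side capture (tun1) in the question.
SERVER_SIDE = """
13:55:01.387274 IP (tos 0x0, ttl 64, id 28465, offset 0, flags [DF], proto TCP (6), length 73) 192.168.200.1.22 > 10.54.108.6.54922: Flags [P.], cksum 0xbafe (correct), seq 1:22, ack 22, win 114, options [nop,nop,TS val 174689991 ecr 901043477], length 21
13:55:01.446684 IP (tos 0x0, ttl 64, id 28466, offset 0, flags [DF], proto TCP (6), length 892) 192.168.200.1.22 > 10.54.108.6.54922: Flags [P.], cksum 0x76dc (correct), seq 22:862, ack 22, win 114, options [nop,nop,TS val 174690051 ecr 901043634], length 840
13:55:01.450348 IP (tos 0x0, ttl 64, id 28467, offset 0, flags [DF], proto TCP (6), length 52) 192.168.200.1.22 > 10.54.108.6.54922: Flags [.], cksum 0x7278 (correct), seq 862, ack 1298, win 136, options [nop,nop,TS val 174690055 ecr 901043634], length 0
13:55:01.703311 IP (tos 0x0, ttl 64, id 28469, offset 0, flags [DF], proto TCP (6), length 892) 192.168.200.1.22 > 10.54.108.6.54922: Flags [P.], cksum 0x7019 (correct), seq 22:862, ack 1454, win 156, options [nop,nop,TS val 174690308 ecr 901043634], length 840
"""

# Abridged records from the laptop-side capture in the question.
CLIENT_SIDE = """
13:55:01.370906 IP (tos 0x0, ttl 64, id 28465, offset 0, flags [DF], proto TCP (6), length 73) 192.168.200.1.22 > 10.54.108.6.54922: Flags [P.], cksum 0xbafe (correct), seq 1:22, ack 22, win 114, options [nop,nop,TS val 174689991 ecr 901043477], length 21
13:55:01.427768 IP5
13:55:01.442396 IP (tos 0x0, ttl 64, id 28467, offset 0, flags [DF], proto TCP (6), length 52) 192.168.200.1.22 > 10.54.108.6.54922: Flags [.], cksum 0x7278 (correct), seq 862, ack 1298, win 136, options [nop,nop,TS val 174690055 ecr 901043634], length 0
"""

if __name__ == "__main__":
    for ip_id, paylen in lost_in_tunnel(SERVER_SIDE, CLIENT_SIDE, "192.168.200.1"):
        print(f"ip id {ip_id}: {paylen}-byte payload not decoded on the client side")
```

On these records the only server packets missing from the laptop capture are the 840-byte segment (seq 22:862) and its retransmission, while the short segments and bare ACKs appear on both sides.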