Weird D.O Singapore L2TP/IPSEC VPN problem

cosmicgate Member
edited April 2014 in Help

Hi guys, has anyone ever faced a problem with an L2TP/IPsec VPN crashing your VPS after you disconnect from the VPN? In this case, I have a VPS with Debian 6 from D.O in SG and it is crashing every time I disconnect the VPN from my phone.

Just to recap what is happening:

1) I have L2tp/Ipsec vpn installed on DO vps in Singapore.
2) Connects to vpn from my phone to watch youtube
3) 15-20 mins of youtube with vpn, the vpn becomes unresponsive.
4) Disconnect from the VPN and the VPS crashes.

The weirdest part of this is that once I disconnect from the VPN, the server crashes immediately. This is true 10/10. If I do not disconnect, the server will not crash.

This is the error message I get when I access it via the console:

http://imgur.com/FaIV87k

I only use the vps for VPN to watch youtube, netflix and some other online streaming content and that's it. Any idea what is causing it?

Comments

  • dcc Member, Host Rep

    From the screenshot it looks like this VPS had over 5 days of uptime before the crash. Are you able to reliably reproduce this? If so, what are the last records in the syslog before the crash?

  • cosmicgate Member
    edited April 2014

    @dcc said:
    From the screenshot it looks like this VPS had over 5 days of uptime before the crash. Are you able to reliably reproduce this? If so, what are the last records in the syslog before the crash?

    Yes it does. I seldom use it to be honest, only occasionally when I need to watch geo-restricted content do I log on to the VPN. Other than that it is pretty much an idle VPS. I noticed it only happens on the L2TP/IPsec VPN; if I log on using OpenVPN it's fine.

    There are no error messages from syslog. Everything seems to be normal.

    I can always reproduce this if I watch YouTube for more than 15 mins =P.

  • Change kernel. Seems either some kind of memory leak or kernel bug.

  • dcc Member, Host Rep

    I would vote for kernel too.

  • @rds100: That's what I thought too. Changing the kernel will fix it temporarily until a couple of days later when I log on and do the same YouTube watching. The weird thing is it is only happening in the SG location. Other locations seem to be fine.

  • dcc said: I would vote for kernel too.

    Same thing after changing kernel.

  • Destroy the instance and create a new one, hoping that it will end on a different hardware node? And see how it behaves then.

  • cosmicgate Member
    edited April 2014

    Okay, just a quick update: I might have found the solution for this problem. However, it remains unclear whether it is a node configuration problem, an Openswan problem, a NAT problem or some other memory leak problem, as this only happens on the L2TP/IPsec VPN. I will test it again in a couple of days to see if it is still having the same problem.

    One thing I noticed is that nf_conntrack keeps throwing random messages about tables being full. Since this is an idle server, the iptables buffer must be congested or some sort of misconfiguration must be happening at the SG location (all other locations are fine; it doesn't matter how many times or how many VPSes I create in SG, it is still happening, so the problem must be with the SG node).

    Force dropping packet errors by raising the nf_conntrack

    # nf_conntrack_count is the read-only live entry counter; the writable limit is nf_conntrack_max
    echo 'net.netfilter.nf_conntrack_max=131072' >> /etc/sysctl.conf

    adjust the default hashsize for new change

    echo 32768 > /sys/module/nf_conntrack/parameters/hashsize

    adjusted as well the tcp timeout

    echo 'net.ipv4.netfilter.ip_conntrack_generic_timeout=120' >> /etc/sysctl.conf
    echo 'net.ipv4.netfilter.ip_conntrack_tcp_timeout_established = 54000' >> /etc/sysctl.conf

    and make changes without reboot:

    sysctl -p

    This seems to have fixed the problem. At least I've tried watching YouTube for 20 minutes without any problem. I tried disconnecting from the VPN and it doesn't crash the server anymore!

    Yay!.

    Edit: further read about the issue. This seems to be an openswan problem with the kernel + NAT buffer problems.
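One way to confirm that a full conntrack table is what the tuning in the post above addresses, as an added example that is not part of the original thread: it compares the live entry count (`nf_conntrack_count`) with the limit (`nf_conntrack_max`) and counts "table full" drop messages in a kernel log. The function names, the `PROC_DIR` override, the 80% warning level and the sample log lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: conntrack table health check.
# PROC_DIR can point at sample files; the 80% warning level is an assumption.
PROC_DIR="${PROC_DIR:-/proc/sys/net/netfilter}"

# Integer percentage of the conntrack table in use: usage_pct COUNT MAX
conntrack_usage_pct() {
    [ "$2" -gt 0 ] || return 1
    echo $(( $1 * 100 / $2 ))
}

# Number of "table full" drop messages in a kernel log file (0 if unreadable).
count_table_full() {
    [ -r "$1" ] || { echo 0; return 0; }
    grep -c 'nf_conntrack: table full' "$1" || true
}

# conntrack_status LOGFILE [PROC_DIR]: prints full/warn/ok plus the numbers.
conntrack_status() {
    dir=${2:-$PROC_DIR}
    count=$(cat "$dir/nf_conntrack_count") || return 1
    max=$(cat "$dir/nf_conntrack_max") || return 1
    pct=$(conntrack_usage_pct "$count" "$max") || return 1
    drops=$(count_table_full "$1")
    if [ "$drops" -gt 0 ]; then state=full
    elif [ "$pct" -ge 80 ]; then state=warn
    else state=ok
    fi
    echo "$state pct=$pct drops=$drops"
}

# Constructed sample: a table at its limit with two logged drops.
demo() {
    d=$(mktemp -d)
    echo 65536 > "$d/nf_conntrack_count"
    echo 65536 > "$d/nf_conntrack_max"
    cat > "$d/kern.log" <<'EOF'
Apr 12 10:01:07 vps kernel: [452101.2] nf_conntrack: table full, dropping packet.
Apr 12 10:01:09 vps kernel: [452103.8] nf_conntrack: table full, dropping packet.
Apr 12 10:01:30 vps kernel: [452124.1] unrelated constructed line
EOF
    conntrack_status "$d/kern.log" "$d"
    rm -rf "$d"
}

demo   # on a real host instead: conntrack_status /var/log/kern.log
```

Running it before and after `sysctl -p` shows whether the new limit actually took effect and whether drops stop accumulating.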

  • rds100 said: Destroy the instance and create a new one, hoping that it will end on a different hardware node? And see how it behaves then.

    I have tried that before. Even created 2 instances and still had the same problem. I just didn't bother about it until now. Anyway, the problem seems to be fixed.

  • howardsl2 Member
    edited April 2014

    Glad to hear you got it working. In case you encounter further VPN problems, try switching to Libreswan. It is more actively developed with recent bugfixes. See my auto install script for IPsec/L2TP VPN on Ubuntu with detailed instructions.
