Weird D.O Singapore L2TP/IPSEC VPN problem
Hi guys, has anyone ever faced a problem with an L2TP/IPsec VPN crashing your VPS after you disconnect from the VPN? In this case, I have a VPS with Debian 6 from D.O in SG and it is crashing every time I disconnect the VPN from my phone.
Just to recap what is happening:
1) I have an L2TP/IPsec VPN installed on a DO VPS in Singapore.
2) Connect to the VPN from my phone to watch YouTube.
3) After 15-20 mins of YouTube over the VPN, the VPN becomes unresponsive.
4) Disconnect from the VPN and the VPS crashes.
The weirdest part of this is that once I disconnect from the VPN, the server crashes immediately. This is true 10/10. If I do not disconnect, the server will not crash.
This is the error message I get when I access it via console:
I only use the vps for VPN to watch youtube, netflix and some other online streaming content and that's it. Any idea what is causing it?
Comments
From the screenshot it looks like this VPS had over 5 days of uptime before the crash. Are you able to reliably reproduce this? If so, what are the last records in the syslog before the crash?
Yes it does. I seldom use it to be honest, only occasionally when I need to watch geo-restricted content do I log on to the VPN. Other than that it is pretty much an idle VPS. I noticed it only happens on the L2TP/IPsec VPN; if I log on using OpenVPN it's fine.
There are no error messages from syslog. Everything seems to be normal.
I can always reproduce this if I watch YouTube for more than 15 mins =P.
Change kernel. Seems either some kind of memory leak or kernel bug.
I would vote for kernel too.
@rds100: That's what I thought too. Changing the kernel will fix it temporarily until a couple of days later when I log on and do the same YouTube watching. Weird thing is it is only happening in the SG location. Other locations seem to be fine.
Same thing after changing kernel.
Destroy the instance and create a new one, hoping that it will end on a different hardware node? And see how it behaves then.
Okay, just a quick update: I might have found the solution for this problem. However, it remains unclear whether it is a node configuration problem, an Openswan problem, a NAT problem or some other memory leak problem, as this only happens on the L2TP/IPsec VPN. I will test it again in a couple of days to see if it is still having the same problem.
One thing I noticed is that nf_conntrack keeps throwing random messages about the table being full. Since this is an idle server, the iptables buffer must be congested or some sort of misconfiguration must be happening at the SG location. (All other locations are fine. It doesn't matter how many times or how many VPSes I create in SG, it is still happening, so the problem must be with the SG node.)
Force dropping packet errors by raising the nf_conntrack
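# nf_conntrack_max is the tunable table limit (nf_conntrack_count is the read-only current entry count)
echo 'net.netfilter.nf_conntrack_max=131072' >> /etc/sysctl.conf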
adjust the default hashsize for new change
echo 32768 > /sys/module/nf_conntrack/parameters/hashsize
adjusted as well the tcp timeout
echo 'net.ipv4.netfilter.ip_conntrack_generic_timeout=120' >> /etc/sysctl.conf
echo 'net.ipv4.netfilter.ip_conntrack_tcp_timeout_established = 54000' >> /etc/sysctl.conf
and make changes without reboot:
sysctl -p
This seems to have fixed the problem. At least I've tried watching YouTube for 20 minutes without any problem. I tried disconnecting from the VPN and it doesn't crash the server anymore!
Yay!
Edit: further read about the issue. This seems to be an openswan problem with the kernel + NAT buffer problems.
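An added example, not part of the original posts: a shell check for the condition described above, comparing the conntrack entry count against the table limit and counting "table full" messages in the kernel log. The 80% warning threshold, the sample log lines and the fallback counter values are constructed assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): conntrack table headroom check.
WARN_PCT=80   # assumed warning threshold, percent of table in use

# usage_pct COUNT MAX -> integer percentage of the table in use
usage_pct() {
    echo $(( $1 * 100 / $2 ))
}

# count_table_full: reads log text on stdin, prints the number of
# "table full" drop messages (grep -c exits 1 on zero matches, hence || true)
count_table_full() {
    grep -c 'nf_conntrack: table full, dropping packet' || true
}

# assess COUNT MAX DROPS -> FULL | WARN | OK
assess() {
    pct=$(usage_pct "$1" "$2")
    if [ "$3" -gt 0 ] || [ "$1" -ge "$2" ]; then
        echo FULL
    elif [ "$pct" -ge "$WARN_PCT" ]; then
        echo WARN
    else
        echo OK
    fi
}

# Constructed sample log lines, used when live counters are unavailable.
SAMPLE_LOG='Jan 10 12:00:01 vps kernel: nf_conntrack: table full, dropping packet.
Jan 10 12:00:02 vps pppd[2211]: LCP terminated by peer
Jan 10 12:00:06 vps kernel: nf_conntrack: table full, dropping packet.'

# Use live counters when the nf_conntrack module is loaded, else sample values.
P=/proc/sys/net/netfilter
if [ -r "$P/nf_conntrack_count" ] && [ -r "$P/nf_conntrack_max" ]; then
    count=$(cat "$P/nf_conntrack_count"); max=$(cat "$P/nf_conntrack_max")
    drops=$(dmesg 2>/dev/null | count_table_full)
else
    count=65012; max=65536   # constructed values
    drops=$(printf '%s\n' "$SAMPLE_LOG" | count_table_full)
fi
echo "conntrack: $count/$max ($(usage_pct "$count" "$max")%), drops=$drops -> $(assess "$count" "$max" "$drops")"
```

Running it from cron during a VPN session shows whether the table is approaching its limit before any packets are dropped.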
I have tried that before. Even created 2 instances and still had the same problem. I just didn't bother about it until now. Anyways, the problem seems to be fixed.
Glad to hear you got it working. In case you encounter further VPN problems, try switching to Libreswan. It is more actively developed with recent bugfixes. See my auto install script for IPsec/L2TP VPN on Ubuntu with detailed instructions.