juma93
18-05-2013, 15:59
Hi, I installed and configured OpenVPN on a VPS I own, and after configuring iptables to NAT the connections coming from the VPN I can browse without problems.
The problem is that when I try to upload or download a file, the transfer runs at full bandwidth for about 5 seconds, then it stops and does not resume until about thirty seconds later, and so on.
If instead I try to download the same file directly from the server, it works without any problem.
These are my configuration files:
iptables:
[root@selfserver ~]# iptables -L -v
Chain INPUT (policy DROP 24 packets, 4306 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- lo any anywhere anywhere
2289 169K ACCEPT tcp -- any any anywhere anywhere tcp dpt:ssh
23847 5823K ACCEPT all -- any any anywhere anywhere state RELATED,ESTABLISHED
0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:minecraft
8 832 ACCEPT icmp -- any any anywhere anywhere
1 70 ACCEPT udp -- any any anywhere anywhere udp dpt:openvpn
248 14880 ACCEPT tcp -- any any anywhere anywhere tcp dpt:globe
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
25947 28M ACCEPT all -- eth0 tun0 anywhere anywhere state RELATED,ESTABLISHED
18077 4287K ACCEPT all -- tun0 eth0 anywhere anywhere
Chain OUTPUT (policy ACCEPT 8701 packets, 7472K bytes)
pkts bytes target prot opt in out source destination
Chain fail2ban-FTP (0 references)
pkts bytes target prot opt in out source destination
0 0 RETURN all -- any any anywhere anywhere
Chain fail2ban-SSH (0 references)
pkts bytes target prot opt in out source destination
734 58732 RETURN all -- any any anywhere anywhere
Chain fail2ban-dovecot-pop3imap (0 references)
pkts bytes target prot opt in out source destination
0 0 RETURN all -- any any anywhere anywhere
[root@selfserver ~]# iptables -t nat -L -v
Chain PREROUTING (policy ACCEPT 1755 packets, 120K bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
1537 101K MASQUERADE all -- any eth0 anywhere anywhere
Chain OUTPUT (policy ACCEPT 295 packets, 19411 bytes)
pkts bytes target prot opt in out source destination
OpenVPN (server):
[root@selfserver ~]# cat /etc/openvpn/server.conf | grep -v '#' | grep -v ';'
port 1194
fragment 1472
proto udp
dev tun
ca /etc/openvpn/ca.crt
cert /etc/openvpn/CentOS-SelfServer.crt
dh /etc/openvpn/dh2048.pem
server 192.168.8.0 255.255.255.0
ifconfig-pool-persist /etc/openvpn/ipp.txt
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 208.67.220.220"
keepalive 10 120
cipher AES-256-CBC
comp-lzo
user nobody
group nobody
persist-key
persist-tun
status /var/log/openvpn-status.log
verb 3
OpenVPN (client):
[juri@arch-zenbook ~]$ cat SelfServer\ \(VPN\)_openvpn.conf | grep -v '#' | grep -v ';'
client
remote <ip server> 1194
ca "/home/juri/.keys/ca.crt"
cert "/home/juri/.keys/Arch-Zenbook.crt"
key "/home/juri/.keys/Arch-Zenbook.key"
cipher AES-256-CBC
comp-lzo yes
mssfix
fragment 1472
dev tun
proto udp
nobind
auth-nocache
script-security 2
persist-key
persist-tun
user nobody
group nobody
Could the problem be due to some error in the configuration, or is it possible that the problem is on the ISP/host side?
Thanks :D
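To work through the two configs quoted in the post (this is an added example, not code from the thread or from OpenVPN itself), here is a small checker that parses both sides, reports the directives that must agree between client and server, and converts the --fragment value into the IPv4 datagram size that actually goes on the wire. It assumes a 1500-byte link MTU (1492 is shown as a PPPoE-style link), follows the OpenVPN manual's definition of --fragment (a bound on the UDP payload, with IP and UDP headers added on top), and uses sample configs constructed from the values in the post.

```python
# Sample configs: constructed from the values quoted in the post.
SERVER_CONF = """port 1194
fragment 1472
proto udp
dev tun
cipher AES-256-CBC
"""
CLIENT_CONF = """client
remote <ip server> 1194
cipher AES-256-CBC
mssfix
fragment 1472
dev tun
proto udp
"""
MUST_MATCH = ("proto", "dev", "cipher", "fragment")  # must agree on both sides
IPV4_UDP_HEADERS = 20 + 8  # --fragment bounds the UDP payload; IP and UDP headers sit on top


def parse_conf(text):
    """Map each directive to its argument list, skipping blank and '#'/';' comment lines."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and line[0] not in "#;":
            key, *args = line.split()
            conf[key] = args
    return conf


def mismatches(server, client):
    """Return the MUST_MATCH directives whose values differ between the two sides."""
    return [k for k in MUST_MATCH if server.get(k) != client.get(k)]


def fragment_wire_size(conf):
    """Largest IPv4 datagram OpenVPN emits under this --fragment value (0 if unset)."""
    args = conf.get("fragment")
    return int(args[0]) + IPV4_UDP_HEADERS if args else 0


def fits_link(conf, link_mtu=1500):
    """True if a full-size fragment crosses the assumed link MTU without IP fragmentation."""
    return fragment_wire_size(conf) <= link_mtu


if __name__ == "__main__":
    srv, cli = parse_conf(SERVER_CONF), parse_conf(CLIENT_CONF)
    print("mismatched directives:", mismatches(srv, cli))
    print("fragment on the wire:", fragment_wire_size(cli), "bytes")
    print("fits 1500 MTU:", fits_link(cli), "| fits PPPoE 1492:", fits_link(cli, 1492))
```

With the post's values the two sides agree and a full fragment is exactly 1500 bytes on the wire, so any hop with a smaller MTU on the path would have to fragment or drop it.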