SSHFS over VPN freezes on large chunk

1

I'm running SSHFS over a VPN connection. When trying to send a chunk of 1270 bytes into a file on this remote file system:

head -c 1270 /dev/urandom > /path/into/the/sshfs/foo

the whole file system freezes and lets any process hang which tries to access it. This can be fixed only by killing the sshfs process.

If I try to send 1269 bytes instead, no problem occurs.

I played around a lot with the commandline options of sshfs and found that only one option has any influence on this:

-o max_write=1240

If I pass a value less than 1270 here, the limit where the error starts occurring is lowered to this value + 1 (a value of 300 reduced it to 1183, though). Unfortunately, raising the value doesn't help, the limit stays at 1270 bytes.

It's a thing with buffers, somehow. If I use to consecutive writes, everything works fine:

(head -c 1269 /dev/urandom
 head -c 1269 /dev/urandom) > /path/into/the/sshfs/foo

It doesn't seem to be a problem of the underlying ssh either because a

ssh remote_host "bash -c 'head -c 2000 /dev/zero | tr \\\0 0'" | wc -c

works fine and prints 2000 as expected.

However, X forwarding doesn't seem to work either, so maybe it is an ssh issue below.

I tried changing the MTU size from 1412 to 1500:

ifconfig tun0 mtu 1500

but without any effect.

Is this a known problem? Can I somehow fix / prevent /circumvent this?

EDIT: I'm using a FritzBox (a home router) VPN (apparently of "cisco" style, but I'm no expert on this topic) and an Ubuntu 16.04 to access it from the outside.

I also noticed that when I test this via a mobile phone line with a laptop, the problem does not occur. It only occurs when I'm at the remote site which is behind some restrictive firewall. Note though, that the VPN works in general, only the sshfs aspect (and the X forwarding) appear to be problematic.

Alfe

Posted 2017-09-26T15:50:38.263

Reputation: 263

Answers

2

You most likely have an MTU issue caused by the overhead of the VPN. Increasing the MTU as you did won't fix the problem, because it makes the MTU bigger then the available maximum packet size for the media (I'm assuming you are not using jumbo frames in a lan only environment).

Indeed a solution might be to DECREASE the mtu of the tunnel device.

You have not specified the VPN or routers. The way we solve this problem is with MTU clamping at the OS level. Alternatively/additionally if you are using OpenVPN there are directives you can use to fragmented packets eg using mssfix - you may want to look at https://www.sonassi.com/help/troubleshooting/setting-correct-mtu-for-openvpn and also the fragment option - https://blog.hambier.lu/post/solving-openvpn-mtu-issues

davidgo

Posted 2017-09-26T15:50:38.263

Reputation: 49 152

Thanks for your answer. I added some detail about my VPN etc. Can the MTU be changed on the fly while the connection is up and running? It reflects in the output of ifconfig but I'm not sure it is used. I see no effect yet (while at home); even if I set the MTU to large values like 10000 I cannot produce the problem here. I will try to reduce the MTU at the remote site tomorrow to test if it helps there. – Alfe – 2017-09-26T21:18:19.077

After reduction of the MTU size to 1000 bytes, the problem was gone. Also the X forwarding now works. A co-worker also mentioned that he solved issues like this by reducing the MTU size. So this seems to be a pretty solid solution ;-) Thanks ! – Alfe – 2017-09-27T08:56:16.017

Asked: 2017-09-26T15:50:38.263

Viewed: 437 times

Active: 2017-09-26T21:15:14.997