Anonymous ftp over vpn -> timeout

dandanplan · 07-09-2009, 04:34 PM

Hi,

a friend of mine set up a VPN Server with key authentication and a anonymous FTP Server. He send me his client.conf and keys for me. I adjusted the conf file for my keys. Started the my OpenVPN client, pinged the server and all clients in this net. Everything is OK.
Next I checked the anonymous ftp Server, but could only copy files that are smaller than 5kb to the server. With every larger file I get a timeout of the ftp connection. I tried different Linux programs, nautilus, gftp, filezilla and the commandline ftp. Download is perfectly OK and fast. My friend uses the same settings (obviously) and can upload his files without a timeout. At the best case, I had 1.308 B file on the server.
Next I checked if I can connect to the ftp server trough vpn with vista. I used openvpn and also filezilla. There I could upload my files to the ftp server. Problems with my Lan settings or router can be excluded.

Once again I upload a picture with 83 kb, filezilla tried it 3 times and timeout.

Code:

Command:	STOR shawn.jpg
Response:	150 Ok to send data.
Error:	Connection timed out
Status:	Connecting to 10.0.0.1:21...
Status:	Connection established, waiting for welcome message...
Response:	220 
Command:	USER anonymous
Response:	331 Please specify the password.
Command:	PASS **************
Response:	230 Login successful.
Status:	Connected
Status:	Starting upload of shawn.jpg
Command:	CWD /_public_
Response:	250 Directory successfully changed.
Status:	Retrieving directory listing...
Command:	TYPE I
Response:	200 Switching to Binary mode.
Command:	PASV
Response:	227 Entering Passive Mode (10,0,0,1,205,249)
Command:	LIST
Response:	150 Here comes the directory listing.
Response:	226 Directory send OK.
Command:	PASV
Response:	227 Entering Passive Mode (10,0,0,1,122,250)
Command:	STOR shawn.jpg
Error:	Connection timed out
Response:	421 Timeout.

I checked what is transmitted through the tap0 with IPTraf while the upload, packages are transmitted but they seem to get lost.

There are no rules in my iptables.

My system is Ubuntu 9.04 (same as my friend), wireless in my Lan.

Thanks in advance for reading my post, I hope you can help me. If you need more informations feel free to ask. I try to investigate further with wireshark.

dandanplan

dandanplan · 07-10-2009, 06:22 AM

Hi,

me again. Here I have a screenshot of tap0 interface with wireshark. There is a strange thing, I get a FIN ACK from the server, but the file isn't transmitted, only partial. So filezilla restarts the transmission again for 3 times till the file transfer gets marked as failed.
Now we switched the proto in the openvpn.conf from 'proto udp' to 'proto tcp-client' and upload and download is working properly. There are no more Retransmissions and no duplicated ACKs.
I would say the problem is partially solved, but I wont check the thread as solved. Because with Vista on the same machine and setup I could use UDP but not with Ubuntu. We will keep the tcp-client setting, but maybe someone has an idea for our setup. Thanks again. Have a nice day.
dandanplan

nowonmai · 07-10-2009, 06:57 AM

I would think that this may be a function of TCP over UDP, in that UDP doesn't make any guarantees about packet delivery.

dandanplan · 07-10-2009, 08:29 AM

Ok, so TCP is obviously more reliable because of the data control (handshake, etc.), right? But why could my fiend with his ubuntu and my Vista installation transmit data to the server through UDP, and my ubuntu installation can't? Could I lack a deb package?
I have a installation of hamachi, but it's not running. Could there be a connection?
And what would be the advantages of UDP in my case? Faster? A different layer? When I google for it, only TCP is praised but there must be an advantage.

Asking too many questions,
dandanplan