SSH tunnel: unexpectedly high latency and random stalls

Time: 2019-06-30 06:20:09

Tags: ssh vpn ssh-tunnel tunnel

I have an ssh tunnel that works fine under low-traffic use. But under heavy use the tunnel unexpectedly starts behaving strangely. The symptoms are:

  1. Latency goes from 160ms to 1XXXXms
  2. Sometimes ping does not work at all
  3. Traffic almost stalls and drops to 10kb/s
  4. After 5-10 minutes, in the same session, everything returns to normal

High latency from client to server:

# client download start
64 bytes from 172.16.50.1: icmp_seq=10 ttl=64 time=9952 ms
64 bytes from 172.16.50.1: icmp_seq=11 ttl=64 time=8952 ms
64 bytes from 172.16.50.1: icmp_seq=12 ttl=64 time=7952 ms
64 bytes from 172.16.50.1: icmp_seq=13 ttl=64 time=6953 ms
64 bytes from 172.16.50.1: icmp_seq=14 ttl=64 time=5953 ms
64 bytes from 172.16.50.1: icmp_seq=15 ttl=64 time=4953 ms
64 bytes from 172.16.50.1: icmp_seq=16 ttl=64 time=3953 ms
64 bytes from 172.16.50.1: icmp_seq=17 ttl=64 time=2953 ms
64 bytes from 172.16.50.1: icmp_seq=18 ttl=64 time=1954 ms
# client download finish
64 bytes from 172.16.50.1: icmp_seq=19 ttl=64 time=954 ms
64 bytes from 172.16.50.1: icmp_seq=20 ttl=64 time=244 ms
64 bytes from 172.16.50.1: icmp_seq=21 ttl=64 time=203 ms
64 bytes from 172.16.50.1: icmp_seq=22 ttl=64 time=160 ms
64 bytes from 172.16.50.1: icmp_seq=23 ttl=64 time=160 ms
64 bytes from 172.16.50.1: icmp_seq=24 ttl=64 time=158 ms

sshd server log:

Jun 30 13:38:35  sshd[15021]: debug2: channel 0: rcvd adjust 98352
Jun 30 13:38:35  sshd[15021]: debug2: channel 0: rcvd adjust 98524
Jun 30 13:38:35  sshd[15021]: debug2: channel 0: rcvd adjust 98914
Jun 30 13:38:35  sshd[15021]: debug2: channel 0: window 1998834 sent adjust 98318
Jun 30 13:38:35  sshd[15021]: debug2: channel 0: rcvd adjust 99172
Jun 30 13:38:35  sshd[15021]: debug2: channel 0: rcvd adjust 98434
Jun 30 13:38:35  sshd[15021]: debug2: channel 0: rcvd adjust 98930
Jun 30 13:38:35  sshd[15021]: debug2: channel 0: rcvd adjust 98524
Jun 30 13:38:35  sshd[15021]: debug2: channel 0: rcvd adjust 99740
Jun 30 13:38:35  sshd[15021]: debug2: channel 0: rcvd adjust 98856
Jun 30 13:38:35  sshd[15021]: debug2: channel 0: rcvd adjust 98584
Jun 30 13:38:35  sshd[15021]: debug2: channel 0: rcvd adjust 98352
Jun 30 13:38:36  sshd[15021]: debug2: channel 0: rcvd adjust 98620
Jun 30 13:38:37  sshd[15021]: debug2: channel 0: rcvd adjust 98173
Jun 30 13:38:37  sshd[15021]: debug2: channel 0: rcvd adjust 99076
Jun 30 13:38:37  sshd[15021]: debug2: channel 0: rcvd adjust 98798
Jun 30 13:38:37  sshd[15021]: debug2: channel 0: rcvd adjust 95801

My SSH connection script:

#!/bin/bash
# This is the WAN IP/hostname of the remote machine
REMOTE=XXX.XXX.XXX.XXX

# Remote username will usually be root, or any other privileged user
# who can open tun/tap devices on the remote host
REMOTE_USERNAME=root

# Remote IP in the tunnel
REMOTE_IP=172.16.50.1

# Netmask to set (on both sides)
NETMASK=255.255.255.0

# SSH port to use
PORT=XXXX

# MTU for tunnel
MTU=1436

# Extra SSH options, these give us some nice keep-alive behaviour
EXTRA_OPTS='-4 -o ServerAliveInterval=10 -o TCPKeepAlive=yes -o PreferredAuthentications=password -o StrictHostKeyChecking=no'

# Remote tunnel device (tun100/tap100)
REMOTE_DEV=101
LOCAL_IP=172.16.50.$REMOTE_DEV
DEV_TYPE=tun
# TUNNEL_TYPE is 'point-to-point' for tun and 'ethernet' for tap
TUNNEL_TYPE=point-to-point

# Local tunnel device is calculated depending on which devices are free.
# The following loop iterates from 0 to 255 and finds a free
# tun/tap device
for i in $(seq 0 255); do ! ifconfig $DEV_TYPE$i >& /dev/null && LOCAL_DEV=$i && break; done

# Overridden: the script always uses tun0 below
LOCAL_DEV=0
#ip link set tun0 up

while true
do

# Close any possibly active connections before creating a new one
ps -ef | grep 'Tunnel' | grep -v grep | awk '{print $2}' | xargs kill >/dev/null 2>&1
ip link delete $DEV_TYPE$LOCAL_DEV >/dev/null 2>&1

# Restart DNS and reset logs
rm /var/log/dnsmasq.log
service dnsmasq restart
touch /var/log/dnsmasq.log

# Add local tun device
ip tuntap add dev $DEV_TYPE$LOCAL_DEV mode $DEV_TYPE
/sbin/ifconfig $DEV_TYPE$LOCAL_DEV $LOCAL_IP netmask $NETMASK pointopoint $REMOTE_IP mtu $MTU up
# Apply routes
/etc/dnsmasq.d/address/route.sh >/dev/null 2>&1

# Start connection
sshpass -p XXXXXXXXXXXX ssh -o Tunnel=$TUNNEL_TYPE -o NumberOfPasswordPrompts=10 $EXTRA_OPTS \
    -w $LOCAL_DEV:$REMOTE_DEV \
    -l $REMOTE_USERNAME -p $PORT $REMOTE \
"/sbin/ifconfig $DEV_TYPE$REMOTE_DEV $REMOTE_IP netmask $NETMASK pointopoint $LOCAL_IP mtu $MTU up"

# Endless reconnect 15 seconds after the session is lost
sleep 15

done

What I have done to try to fix this:

  • MTU: changing it from 1300 to 1400 did not help at all.
  • Adding net.ipv4.tcp_sack = 0 to the client's sysctl.conf did not work.

I know an ssh tunnel implementation is not the best way to pass high traffic through, but I think there should be a solution. Please advise.
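An added example, not part of the question, that reads the two outputs pasted above and quantifies them. An RTT that falls by exactly one ping interval per probe is the signature of a fixed backlog draining ahead of each probe (queuing inside the tunnel, not packet loss), and summing the sshd `rcvd adjust` credits per log second shows how much channel window the peer returned per second at the time. The sample strings are the question's own lines; the threshold values are assumptions.

```python
import re
from collections import defaultdict

# Sample inputs: the ping output and sshd debug2 lines quoted in the question.
PING_SAMPLE = """\
64 bytes from 172.16.50.1: icmp_seq=10 ttl=64 time=9952 ms
64 bytes from 172.16.50.1: icmp_seq=11 ttl=64 time=8952 ms
64 bytes from 172.16.50.1: icmp_seq=12 ttl=64 time=7952 ms
64 bytes from 172.16.50.1: icmp_seq=13 ttl=64 time=6953 ms
64 bytes from 172.16.50.1: icmp_seq=19 ttl=64 time=954 ms
64 bytes from 172.16.50.1: icmp_seq=20 ttl=64 time=244 ms
64 bytes from 172.16.50.1: icmp_seq=21 ttl=64 time=203 ms
64 bytes from 172.16.50.1: icmp_seq=22 ttl=64 time=160 ms
"""
SSHD_SAMPLE = """\
Jun 30 13:38:35  sshd[15021]: debug2: channel 0: rcvd adjust 98352
Jun 30 13:38:35  sshd[15021]: debug2: channel 0: rcvd adjust 98524
Jun 30 13:38:35  sshd[15021]: debug2: channel 0: window 1998834 sent adjust 98318
Jun 30 13:38:35  sshd[15021]: debug2: channel 0: rcvd adjust 98914
Jun 30 13:38:36  sshd[15021]: debug2: channel 0: rcvd adjust 98620
Jun 30 13:38:37  sshd[15021]: debug2: channel 0: rcvd adjust 98173
Jun 30 13:38:37  sshd[15021]: debug2: channel 0: rcvd adjust 99076
"""
PING_RE = re.compile(r"icmp_seq=(\d+) .*time=([\d.]+) ms")
ADJUST_RE = re.compile(r"^(\w{3} +\d+ \d\d:\d\d:\d\d) .*rcvd adjust (\d+)", re.M)

def parse_ping(text):
    """Return [(icmp_seq, rtt_ms)] from ping output lines."""
    return [(int(s), float(t)) for s, t in PING_RE.findall(text)]

def queue_drain_signature(samples, interval_ms=1000.0, tol_ms=50.0):
    """Count consecutive probes whose RTT drops by about one probe interval
    (assumed 1 s ping interval, 50 ms tolerance). A steady drop of exactly
    the interval means a fixed backlog is draining in front of each probe:
    bufferbloat in the tunnel, not loss. Also estimate the peak backlog."""
    steps = 0
    for (s0, r0), (s1, r1) in zip(samples, samples[1:]):
        if s1 == s0 + 1 and abs((r0 - r1) - interval_ms) <= tol_ms:
            steps += 1
    rtts = [r for _, r in samples]
    return {"drain_steps": steps,
            "peak_backlog_s": round((max(rtts) - min(rtts)) / 1000, 1)}

def window_credit_per_second(text):
    """Sum 'rcvd adjust' bytes per log second: window credit the peer handed
    back, i.e. roughly how many bytes per second the channel moved."""
    per_sec = defaultdict(int)
    for ts, n in ADJUST_RE.findall(text):
        per_sec[ts] += int(n)
    return dict(per_sec)

if __name__ == "__main__":
    print(queue_drain_signature(parse_ping(PING_SAMPLE)))
    print(window_credit_per_second(SSHD_SAMPLE))
```

For the question's data this reports three consecutive drain steps and a peak backlog of roughly 9.8 s of queued data, which is what the nearly ten-second pings during the download correspond to.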

0 answers:

No answers