Re: Problem logging in over GRE/IPSec tunnel?




On Oct 19, 2014, at 11:08 PM, Damien Miller <djm@xxxxxxxxxxx> wrote:

> On Sun, 19 Oct 2014, Paul Suh wrote:
> 
>> Hello,
>> 
>> First time posting here, but I've been using OpenBSD since 2.7 or
>> so. I hope this is the right place to ask.
>> 
>> Anyway, I'm running into a puzzler.
> 
> [...]
> 
>> On the server, I get this line in /var/log/authlog:
>> 
>>> Oct 19 22:42:17 ravelin sshd[5880]: fatal: Read from socket failed:
>>> Connection reset by peer [preauth]
> 
> Whatever the problem is, it's happening at a lower level than ssh/sshd.
> 
> Can you connect to the sshd using telnet or netcat from the client?
> If not, then that's your problem.
> 
> If so, then the problem is more subtle. In the absence of further
> information, I'd expect a MTU blackhole in one/both directions,
> since the KEXINIT packet is likely to be the first bit of data sent
> that is >1KB. You might be able to check this using ping's size
> and don't-fragment options (make sure you test both the client->server
> and server->client directions).

Damien,

I can connect to port 22 via telnet and get the "SSH-2.0-OpenSSH_6.6.1" response, so it’s something more subtle.

Sweep pings fail at the MTU, 1476, both directions. There is some sort of flakiness when I set the packet size to 1460 or 1450, as the first three or four packets will go through, then I get errors back from the router. 

I tried cranking the MTU for the path down to 1400 in both directions using the route(8) command, but that doesn’t seem to help. 

Thanks for any pointers that you can give me. 


—Paul


_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
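
The don't-fragment ping sweep discussed in this thread, written out as an added example that is not part of the original messages: it binary-searches the largest ICMP payload that crosses the path with DF set and requires several replies in a row per size, since the reply above reports sizes where the first few packets pass and later ones fail. Assumptions: OpenBSD `ping -D` and Linux `ping -M do` set the DF bit, and `PROBE_CMD` and `TRIES` are hypothetical knobs introduced here.

```shell
#!/bin/sh
# Added example (not from the thread): DF ping sweep for a tunnelled path.
# PROBE_CMD and TRIES are hypothetical knobs introduced for this example.

# probe HOST SIZE: true if one DF ping carrying SIZE payload bytes is answered.
# Set PROBE_CMD to a command or function name to replace the real ping.
probe() {
    if [ -n "${PROBE_CMD:-}" ]; then "$PROBE_CMD" "$1" "$2"; return; fi
    case "$(uname -s)" in
        OpenBSD) ping -D -c 1 -w 2 -s "$2" "$1" >/dev/null 2>&1 ;;
        Linux)   ping -M do -c 1 -W 2 -s "$2" "$1" >/dev/null 2>&1 ;;
        *)       echo "probe: unsupported OS" >&2; return 2 ;;
    esac
}

# stable HOST SIZE: require TRIES (default 5) replies in a row, so a size
# that only works for the first few packets is counted as failing.
stable() {
    i=0
    while [ "$i" -lt "${TRIES:-5}" ]; do
        probe "$1" "$2" || return 1
        i=$((i + 1))
    done
    return 0
}

# max_payload HOST [LO] [HI]: print the largest payload in [LO,HI] that is
# stable; return 1 if even LO fails. HI defaults to 1472 (1500 - 28).
max_payload() {
    host=$1 lo=${2:-0} hi=${3:-1472}
    stable "$host" "$lo" || return 1
    while [ "$lo" -lt "$hi" ]; do
        mid=$(( (lo + hi + 1) / 2 ))
        if stable "$host" "$mid"; then lo=$mid; else hi=$((mid - 1)); fi
    done
    echo "$lo"
}

# path_mtu HOST: payload plus 20-byte IPv4 header and 8-byte ICMP header.
path_mtu() {
    p=$(max_payload "$1") || return 1
    echo $((p + 28))
}

# Usage: run `path_mtu <peer>` on the client against the server and again
# on the server against the client; the two directions can differ.
```

A result that drops when `TRIES` is raised from 1 to 5 points at the intermittent behaviour described in the reply rather than a clean MTU limit.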




