[Semibug] OpenVPN hates ssh

Adam McDougall mcdouga9 at egr.msu.edu
Thu May 28 16:26:47 EDT 2020 

The behavior makes me think your SSH traffic starts being sent over a
route different from where it was initiated, so incoming data like the
"write" responses are coming in through the old path but new outgoing
data is being sent some different path. I suggest running tcpdump on all
interfaces you can think of including the client tunnel interface, the
openvpn server tunnel interface, and on the server you are trying to ssh
to. Eventually SSH gets fed up with lack of working bidirectional
communication and declares the session broken.

On 5/28/20 4:10 PM, Steven Surdock wrote:
> Could be a firewall state issue...
> 
> -----Original Message-----
> From: Semibug <semibug-bounces at lists.nycbug.org> On Behalf Of Mike Wayne
> Sent: Thursday, May 28, 2020 3:51 PM
> To: semibug at lists.nycbug.org
> Subject: Re: [Semibug] OpenVPN hates ssh
> 
> On Thu, May 28, 2020 at 03:33:16PM -0400, Carl T. Miller wrote:
>> Yes, try ssh -v, ssh -vv, or ssh -vvv on the client side.?? It will 
>> let you know if there are any client-side issues.?? If that doesn't 
>> help, check the system logs for messages from the ssh daemon.?? Doing 
>> this should at least give you a hint.
> 
> Tried that. No joy.
> 
> Note that I get logged in just fine. I can run commands just fine and everything works - for 55 seconds or so.
> 
> Further testing: It looks like the problem is from the client to the server because I can do 
>    % date ; sleep 60; date
>    Thu May 28 15:44:54 EDT 2020
>    Thu May 28 15:45:54 EDT 2020
>    %
> 
> Then, at this point, I can not send anything to the server - no response of ANY kind. But I can open a new ssh session and it works.
> 
> I can also log into the server and "write" at myself and see the
> message:
>    %
>    Message from wayne at server on pts/1 at 15:48 ...
>    EOF
> 
> Eventually, ssh dies and prints:
>    Fssh_packet_write_wait: Connection to 172.16.6.1 port 22: Broken pipe
> 
> So, something with OpenVPN is timing out such that I can not send from the client, after about a minute.
> 
> _______________________________________________
> Semibug mailing list
> Semibug at lists.nycbug.org
> http://lists.nycbug.org:8080/mailman/listinfo/semibug
> 
> _______________________________________________
> Semibug mailing list
> Semibug at lists.nycbug.org
> http://lists.nycbug.org:8080/mailman/listinfo/semibug
>

More information about the Semibug mailing list