home bbs files messages ]

Forums before death by AOL, social media and spammers... "We can't have nice things"

   comp.dcom.vpn      VPN protocols, clients, awesomeness      2,348 messages   

[   << oldest   |   < older   |   list   |   newer >   |   newest >>   ]

   Message 879 of 2,348   
   samjack to Mike Morgan   
   Re: ssh not working thru ipsec tunnel   
   03 Apr 04 17:46:27   
   
   From: nospam@device.null   
      
   try adjusting your MTU size on a test machine that can use the SSH tunnel.   
   Bring it down in some reasonable step size and see if you get down enough   
   that it starts working.   
      
   "Mike Morgan"  wrote in message   
   news:406F3B94.6FA8DECC@power.net...   
   > Hi,   
   >   
   > We are having a strange problem. About 6 months ago we wanted to connect   
   > a Nortel Contivity 1010 behind a Linksys BEFSR41 in order to conserve   
   > public IPs. The ipsec tunnel between our local staff office (behind the   
   > 1010) and main office came up and worked except for one glaring failure   
   > - a ssh tunnel between a client on any of the remote staff PCs and a   
   > Linux box running Red Hat 7.3 at the main office would open and then   
   > hang. You can login and do an ls (for example) and the screen returns   
   > only 1/2 of what it should display and then the session dies. All you   
   > can do is close the window,   
   >   
   > Remove the Linksys and there were no problems with ssh. I tried to   
   > troubleshoot this, but, of course, neither Linksys or Nortel would   
   > support the interaction with the other vendor's equipment. I could find   
   > no documentatin on this problem. I gave up and bought more IPs for the   
   > remote office and put the Linksys and Nortel in parallel.   
   >   
   > Just yesterday we installed a Nortel 1010 at a remote office connected   
   > to the Internet by a cable modem and ran into the identical problem.   
   > Everything works except ssh which dies after login in the same manner as   
   > the Linksys situation mentioned above. EXCEPT there is no Linksys! I   
   > talked to the cable ISP, Classic Cable; they claim that they are not   
   > blocking any ports or services and they use Cisco routers. We have 1010s   
   > at about a dozen other offices connected to the Internet by ADSL (mostly   
   > SBC) and ssh works at all of them.   
   >   
   > For the tunnel to work we only need ports 500 and 3478, and AH and ESP   
   > services to work. If they were blocking any of these the tunnel would   
   > not come up. It does come up and all traffic is routed though the   
   > tunnel. I can think of no explanation for the ssh failure. At the remote   
   > site we have had to revert to the existing frame relay circuit which   
   > costs 7 times as much as the Internet for 1/10th the bandwidth.   
   >   
   > Any help would be appreciated. If you want to reply to me personally   
   > please email mike.morgan-at-teampcs.com   
   >   
   > Thanks,   
   >   
   > Mike Morgan   
   > Network Administrator   
   > PCS   
   >   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)   

[   << oldest   |   < older   |   list   |   newer >   |   newest >>   ]


(c) 1994,  bbs@darkrealms.ca