Dynamic Proxy via SSH broken?

val123456

1.  Using 1.2.1 from Tuesday, 12 August. 
2.  SSH to pfsense WAN interface from a remote network.
3.  SSH connection works fine until I try to use a dynamic tunnel (using it as a SOCK proxy for browsing).*

Has anyone else see this?

*Details:  I ran PFtop in the shell.  PFtop updates until I try loading a web page.  Web page partially loads, then everything dies.  PFtop stops updating, browser times out.  Log shows ssh connection, followed by sshd client timeout a few minutes later.  No other log entries.  This configuration worked with 1.2.  The remote client configuration has not changed.

Thanks,

Colin

val123456

Update:  works from INSIDE the firewall.

Colin

NickC

Today I posted on a OpenVPN issue that may or may not be MTU related. I also see SSH problems via WAN (and I think not by LAN, but would need to re-test to be sure).
My WAN SSH transfers usually fall over after about 1.5k, so I think it may also be a MTU problem or at least that the two issues are related in some way.
Also, I'm testing on a quad-core, are you running multiprocessor? If so this could explain why nobody else is seeing this.

Nick.

val123456

@NickC:

Also, I'm testing on a quad-core, are you running multiprocessor? If so this could explain why nobody else is seeing this.

Yup, SMP.  Core 2 Duo:

CPU: Intel(R) Core(TM)2 Duo CPU    E4600  @ 2.40GHz (2394.01-MHz 686-class CPU)

NickC

CPU: Intel(R) Xeon(R) CPU E5310 @ 1.60GHz (1595.93-MHz 686-class CPU)
Other config info:
Multi-wan, CARP interfaces on both WANs
remotely tested SSH to real WAN infterface (broken)
remotely tested OpenVPN to CARP on WAN (broken)
remotely tested OpenVPN to CARP on OPT-WAN (broken)
locally tested SSH on the LAN interface, works fine.

How to test if this is a SMP issue? What's the simplest way to force the uniprocessor kernel. On pf 1.2 there was a uniprocessor/SMP select dropdown in the manual firmware upload GUI. Not here, BSD 7 may now detect on boot. Cannot force single core in the BIOS.

Nick.

wallabybob

The uniprocessor kernel should run on single CPU systems and multi-CPU systems. It will only ever start one CPU.

The uniprocessor kernel has optimisations that are not possible on a multi CPU system.

The SMP kernel should also run on single CPU systems and multi-CPU systems but will start whatever CPUs the BIOS tells it are present.

cmb

Run "rm /boot/kernel/pfsense_kernel.txt" and you'll have the kernel selection box back.

I very seriously doubt if it's SMP vs. uniproc kernel related.