Dynamic Proxy via SSH broken?
-
1. Using 1.2.1 from Tuesday, 12 August.
2. SSH to pfsense WAN interface from a remote network.
3. SSH connection works fine until I try to use a dynamic tunnel (using it as a SOCKS proxy for browsing).
Has anyone else seen this?
Details: I ran PFtop in the shell. PFtop updates until I try loading a web page. Web page partially loads, then everything dies. PFtop stops updating, browser times out. Log shows ssh connection, followed by sshd client timeout a few minutes later. No other log entries. This configuration worked with 1.2. The remote client configuration has not changed.
Thanks,
Colin
-
Update: works from INSIDE the firewall.
Colin
-
Today I posted on an OpenVPN issue that may or may not be MTU related. I also see SSH problems via WAN (and I think not by LAN, but would need to re-test to be sure).
My WAN SSH transfers usually fall over after about 1.5k, so I think it may also be an MTU problem or at least that the two issues are related in some way.
Also, I'm testing on a quad-core, are you running multiprocessor? If so this could explain why nobody else is seeing this.
Nick.
-
Also, I'm testing on a quad-core, are you running multiprocessor? If so this could explain why nobody else is seeing this.
Yup, SMP. Core 2 Duo:
CPU: Intel(R) Core(TM)2 Duo CPU E4600 @ 2.40GHz (2394.01-MHz 686-class CPU)
-
CPU: Intel(R) Xeon(R) CPU E5310 @ 1.60GHz (1595.93-MHz 686-class CPU)
Other config info:
Multi-wan, CARP interfaces on both WANs
remotely tested SSH to real WAN interface (broken)
remotely tested OpenVPN to CARP on WAN (broken)
remotely tested OpenVPN to CARP on OPT-WAN (broken)
locally tested SSH on the LAN interface, works fine.
How to test if this is an SMP issue? What's the simplest way to force the uniprocessor kernel? On pf 1.2 there was a uniprocessor/SMP select dropdown in the manual firmware upload GUI. Not here, BSD 7 may now detect on boot. Cannot force single core in the BIOS.
Nick.
-
The uniprocessor kernel should run on single CPU systems and multi-CPU systems. It will only ever start one CPU.
The uniprocessor kernel has optimisations that are not possible on a multi CPU system.
The SMP kernel should also run on single CPU systems and multi-CPU systems but will start whatever CPUs the BIOS tells it are present.
-
Run "rm /boot/kernel/pfsense_kernel.txt" and you'll have the kernel selection box back.
I very seriously doubt if it's SMP vs. uniproc kernel related.