• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

Dynamic Proxy via SSH broken?

Scheduled Pinned Locked Moved 1.2.1-RC Snapshot Feedback and Problems-RETIRED
7 Posts 4 Posters 4.4k Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • V
    val123456
    last edited by Aug 13, 2008, 1:35 PM

    1.  Using 1.2.1 from Tuesday, 12 August. 
    2.  SSH to pfsense WAN interface from a remote network.
    3.  SSH connection works fine until I try to use a dynamic tunnel (using it as a SOCK proxy for browsing).*

    Has anyone else see this?

    *Details:  I ran PFtop in the shell.  PFtop updates until I try loading a web page.  Web page partially loads, then everything dies.  PFtop stops updating, browser times out.  Log shows ssh connection, followed by sshd client timeout a few minutes later.  No other log entries.  This configuration worked with 1.2.  The remote client configuration has not changed.

    Thanks,

    Colin

    1 Reply Last reply Reply Quote 0
    • V
      val123456
      last edited by Aug 13, 2008, 6:04 PM

      Update:  works from INSIDE the firewall.

      Colin

      1 Reply Last reply Reply Quote 0
      • N
        NickC
        last edited by Aug 13, 2008, 8:14 PM

        Today I posted on a OpenVPN issue that may or may not be MTU related. I also see SSH problems via WAN (and I think not by LAN, but would need to re-test to be sure).
        My WAN SSH transfers usually fall over after about 1.5k, so I think it may also be a MTU problem or at least that the two issues are related in some way.
        Also, I'm testing on a quad-core, are you running multiprocessor? If so this could explain why nobody else is seeing this.

        Nick.

        1 Reply Last reply Reply Quote 0
        • V
          val123456
          last edited by Aug 13, 2008, 8:26 PM

          @NickC:

          Also, I'm testing on a quad-core, are you running multiprocessor? If so this could explain why nobody else is seeing this.

          Yup, SMP.  Core 2 Duo:

          CPU: Intel(R) Core(TM)2 Duo CPU    E4600  @ 2.40GHz (2394.01-MHz 686-class CPU)

          1 Reply Last reply Reply Quote 0
          • N
            NickC
            last edited by Aug 14, 2008, 10:12 AM

            CPU: Intel(R) Xeon(R) CPU E5310 @ 1.60GHz (1595.93-MHz 686-class CPU)
            Other config info:
            Multi-wan, CARP interfaces on both WANs
            remotely tested SSH to real WAN infterface (broken)
            remotely tested OpenVPN to CARP on WAN (broken)
            remotely tested OpenVPN to CARP on OPT-WAN (broken)
            locally tested SSH on the LAN interface, works fine.

            How to test if this is a SMP issue? What's the simplest way to force the uniprocessor kernel. On pf 1.2 there was a uniprocessor/SMP select dropdown in the manual firmware upload GUI. Not here, BSD 7 may now detect on boot. Cannot force single core in the BIOS.

            Nick.

            1 Reply Last reply Reply Quote 0
            • W
              wallabybob
              last edited by Aug 14, 2008, 10:49 AM

              The uniprocessor kernel should run on single CPU systems and multi-CPU systems. It will only ever start one CPU.

              The uniprocessor kernel has optimisations that are not possible on a multi CPU system.

              The SMP kernel should also run on single CPU systems and multi-CPU systems but will start whatever CPUs the BIOS tells it are present.

              1 Reply Last reply Reply Quote 0
              • C
                cmb
                last edited by Aug 14, 2008, 5:20 PM

                Run "rm /boot/kernel/pfsense_kernel.txt" and you'll have the kernel selection box back.

                I very seriously doubt if it's SMP vs. uniproc kernel related.

                1 Reply Last reply Reply Quote 0
                7 out of 7
                • First post
                  7/7
                  Last post
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
                  This community forum collects and processes your personal information.
                  consent.not_received