SSH hanging through IPSEC VPN



  • Hello,
    I have 2 pfSense firewalls (2.4.4-p3 on both sides) with public IPs connecting to each other via IPSEC, routed VTI phase 2.
    I set up the tunnel interface and added the required static routes through each other. I can ping hosts across networks, I can connect to HTTP/HTTPS, SMB, stuff mostly seems to work ok.
    One big thing doesn't work, though: SSH.

    It hangs after authentication, until it says broken pipe.

    I tried lowering the MTU on the server side as suggested by some posts, but it didn't work. MSS clamping didn't help either.

    I even tried to switch my phase 2 to Tunnel IPv4 but I still got the same behavior.

    Packets just seem to stop flowing from the SSH server to the client.

    I'm attaching a zip file containing 6 different packet captures, 3 from each side:

    • ssh_client_local was recorded from the machine running the SSH client
    • ssh_client_side_enc0 was recorded from the pfSense firewall in the client network, on the enc0 interface
    • ssh_client_side_ipsec1000 was recorded from the pfSense firewall in the client network, on the ipsec1000 interface
    • ssh_server_local was recorded from the machine running the SSH server
    • ssh_server_side_enc0 was recorded from the pfSense firewall in the server network, on the enc0 interface
    • ssh_server_side_ipsec1000 was recorded from the pfSense firewall in the server network, on the ipsec1000 interface

    Any help?

    Thanks in advance.
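The symptom above (SSH authenticates, then the server-to-client direction goes quiet until "broken pipe") is the classic sign of a path-MTU black hole: small packets cross the tunnel, the first full-size packet with the Don't-Fragment bit set is silently dropped, and no ICMP "fragmentation needed" comes back. The following script is an added example, not something from this thread or from pfSense: a minimal pcap reader that summarises each TCP direction's packet sizes and DF flag and flags a direction whose last packet was an oversized DF packet. The capture it parses is constructed inline; the addresses, ports and the assumed effective tunnel MTU of 1400 bytes are hypothetical.

```python
"""Per-direction TCP size summary for a pcap, to spot the MTU black-hole pattern.
Added example; sample traffic is constructed below, nothing is read from disk."""
import struct
from ipaddress import IPv4Address

PCAP_MAGIC = 0xA1B2C3D4
# Hypothetical hosts used only for the constructed trace.
CLIENT, SERVER, CPORT = "10.0.1.5", "10.0.2.10", 50222


def build_frame(src, dst, sport, dport, payload_len, df=True, flags=0x18):
    """Ethernet/IPv4/TCP frame with a zero-filled payload; checksums are left zero."""
    ip_len = 20 + 20 + payload_len
    eth = b"\x00" * 12 + b"\x08\x00"                     # dummy MACs, EtherType IPv4
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, ip_len, 1, 0x4000 if df else 0,
                     64, 6, 0, IPv4Address(src).packed, IPv4Address(dst).packed)
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, flags, 65535, 0, 0)
    return eth + ip + tcp + b"\x00" * payload_len


def build_pcap(frames):
    """Classic little-endian pcap: global header (link type 1) + per-packet records."""
    out = [struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, 1)]
    for i, frame in enumerate(frames):
        out.append(struct.pack("<IIII", i, 0, len(frame), len(frame)) + frame)
    return b"".join(out)


def read_pcap(data):
    """Yield raw frames from classic pcap bytes (either byte order)."""
    magic, = struct.unpack_from("<I", data, 0)
    endian = "<" if magic == PCAP_MAGIC else ">"
    off = 24
    while off + 16 <= len(data):
        _, _, incl, _ = struct.unpack_from(endian + "IIII", data, off)
        off += 16
        yield data[off:off + incl]
        off += incl


def tcp_summary(pcap_bytes):
    """Map 'src:sport->dst:dport' to packet count, largest and last IP length, last DF bit."""
    stats = {}
    for frame in read_pcap(pcap_bytes):
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue                                      # not IPv4
        ihl = (frame[14] & 0x0F) * 4
        ip_len, = struct.unpack_from("!H", frame, 16)
        df = bool(frame[20] & 0x40)                       # DF is bit 0x40 of the flags byte
        if frame[23] != 6:
            continue                                      # not TCP
        src, dst = str(IPv4Address(frame[26:30])), str(IPv4Address(frame[30:34]))
        sport, dport = struct.unpack_from("!HH", frame, 14 + ihl)
        s = stats.setdefault(f"{src}:{sport}->{dst}:{dport}",
                             {"packets": 0, "max_len": 0, "last_len": 0, "last_df": False})
        s["packets"] += 1
        s["max_len"] = max(s["max_len"], ip_len)
        s["last_len"], s["last_df"] = ip_len, df
    return stats


def blackhole_suspects(stats, tunnel_mtu):
    """Directions whose final packet was a DF packet larger than the tunnel can carry."""
    return [k for k, s in stats.items() if s["last_df"] and s["last_len"] > tunnel_mtu]


def sample_capture():
    """Constructed trace: handshake and small SSH banners succeed, the server's first
    full-size (1500-byte IP) packet is the last thing heard from it, the client keeps talking."""
    c2s = lambda n, fl=0x18: build_frame(CLIENT, SERVER, CPORT, 22, n, flags=fl)
    s2c = lambda n, fl=0x18: build_frame(SERVER, CLIENT, 22, CPORT, n, flags=fl)
    return build_pcap([c2s(0, 0x02), s2c(0, 0x12), c2s(0, 0x10),   # SYN, SYN-ACK, ACK
                       s2c(40), c2s(40),                           # version banners
                       c2s(900), s2c(1460),                        # KEXINIT; server's is full-size
                       c2s(40), c2s(40)])                          # client still alive afterwards


if __name__ == "__main__":
    summary = tcp_summary(sample_capture())
    for direction, s in summary.items():
        print(direction, s)
    print("black-hole suspects at MTU 1400:", blackhole_suspects(summary, 1400))
```

Run the same `tcp_summary` over a real capture (read the file into bytes first) from both ends of the tunnel: if the server-side capture shows the large DF packet leaving and the client-side capture never shows it arriving, the tunnel path is dropping it, and the fix belongs on the path MTU or MSS clamp rather than on the SSH hosts.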



  • I also have the same problem. Tried to trigger MSS clamping and MTU, but no benefit.
    My WAN is PPPoE, if this matters.
    I have many pfSense IPsec tunnels, but the problem persists on only one.



  • I also have PPPoE on one end, the other one is DHCP.

