Netgate Discussion Forum

Ssh inside an ipsec tunnel

  • L
    linuxgurumaniac
    last edited by Jan 11, 2012, 9:04 PM

    Hello folks,

    Recently I got myself a dedicated link between two sites, an internal network through a third-party provider.
    The first thing that comes to mind is encryption, so I set up two pfSense routers, one for each site, and I set up
    IPsec between them; it all went smoothly, no problem here.

    Now my problem is that when I try to connect through ssh/sftp/scp through the tunnel, the session won't last for
    more than a couple of seconds before it gets killed and I get a "connection closed by server" or a "broken pipe".

    I'm aware that I already have encryption and one might ask why I would need ssh. Well, I like it, I'm used to it,
    and I'm not a big FTP fan, so sftp is my true calling.

    Any ideas are welcome.

    Notes:
      -> I'm using the latest version of pfSense 2 on both sides.
      -> Ping is always working.
      -> The tunnel is always up.
      -> Accessing the web server behind the router, even through SSL (https), is very smooth.
      -> No errors under racoon.
    So basically an ssh problem.

    • M
      marcelloc
      last edited by Jan 11, 2012, 9:07 PM

      Did you check if you are having routing issues with this ssh server?

      Is the ssh server's default gateway the pfSense firewall IP?
      Do you have the same network assigned on both sides?

      Elite Training: http://sys-squad.com

      Help a community developer! ;D

      • L
        linuxgurumaniac
        last edited by Jan 13, 2012, 7:50 AM

        @marcelloc:

        Did you check if you are having routing issues with this ssh server?

        In concept no, but I did notice that when I try to ssh to the web server on site 2 from the
        pfSense on site 1 I get a "no route to host", although I can ping it from the same pfSense box
        and I can access the web server on site 2 from another PC on the site 1 LAN through ssh
        for a minimal amount of time (5-10 seconds) before I get disconnected from the host.

        @marcelloc:

        Is the ssh server's default gateway the pfSense firewall IP?

        Yes

        @marcelloc:

        Do you have the same network assigned on both sides?

        No, each site has a different subnet.

        If you like, I can give you a quick sketch of how the network is built.

        • G
          gordslater
          last edited by Jan 25, 2012, 2:17 AM

          If this happens from only one machine, I've had faulty NICs (both onboard and PCI/PCI-X) give me SSH broken pipes and strange problems when I ran ncurses commands, top or a command like ls -al with significant return data, yet simple one-liners with no output worked just fine. Drove me crazy each time.

          My SSH sessions stay up indefinitely over the VPN otherwise, no problems.

          • L
            linuxgurumaniac
            last edited by Jan 29, 2012, 3:37 PM

            @gordslater:

            If this happens from only one machine, I've had faulty NICs (both onboard and PCI/PCI-X) give me SSH broken pipes and strange problems when I ran ncurses commands, top or a command like ls -al with significant return data, yet simple one-liners with no output worked just fine. Drove me crazy each time.

            My SSH sessions stay up indefinitely over the VPN otherwise, no problems.

            Yeah, stuff like that can drive anyone crazy.

            My problem got solved a couple of days ago. It was a problem on the third party's side;
            they had some bad hardware installed that messed things up.
            Now I have everything working perfectly :)
            Thanks PFSENSE :D

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.