Ssh inside an ipsec tunnel



  • Hello folks,

    Recently I got myself a dedicated link between two sites, an internal network through a third party provider.
    Though the first that comes to mind is encryption, so I set up two pfsense router one for each site and I setup
    ipsec between, it all went smooth no problem here.

    Now my problem with when I try to connect through ssh/sftp/scp through the tunnel, the session won't last for
    more then couple of seconds before it gets killed and I got a connection closed by server or a broken pipe.

    I'm aware that I already have encryption and one might ask why would I need ssh, well I like it, I'm used to it
    and I'm not big ftp fan so sftp is my true calling.

    Any ideas are welcome.

    Notes: -> I'm using the latest version of pfsense 2 on both sides.
              -> Ping is always working.
              -> The tunnel is always up.
              -> Accessing the web server behind the router even through ssl(https) is very smooth.
              -> No errors under raccoon.
    So basically ssh problem.



  • Did you checked if you are having routing issues with this ssh server?

    ssh server default gateway is pfsense firewall ip?
    Do you have same network assigned on both sides?



  • @marcelloc:

    Did you checked if you are having routing issues with this ssh server?

    In concept no, but I did notice then when I try to ssh the web server on site 2 from the
    pfsense on site 1 I get a no route to host, although I can ping it from the same pfsense box
    and I can access the web server on site 2 from an other pc on the site 1 lan through ssh
    for a minimal amount of time(5-10 seconds) before I get disconnected from the host.

    @marcelloc:

    ssh server default gateway is pfsense firewall ip?

    Yes

    @marcelloc:

    Do you have same network assigned on both sides?

    No, Each site has a different subnet.

    I you like I can give you a quick sketch of how the network is built.



  • If this happens from only one machine, I've had a faulty NICs (both onboard and PCI/PCI-X) give me SSH broken pipes and strange problems when I ran  ncurses commands,  top  or a command like  ls -al  with significant return data, yet simple on-liners with no output worked just fine. Drove me crazy each time.

    My SSH sessions stay up indefinitely over the VPN otherwise, no problems



  • @gordslater:

    If this happens from only one machine, I've had a faulty NICs (both onboard and PCI/PCI-X) give me SSH broken pipes and strange problems when I ran  ncurses commands,  top  or a command like  ls -al  with significant return data, yet simple on-liners with no output worked just fine. Drove me crazy each time.

    My SSH sessions stay up indefinitely over the VPN otherwise, no problems

    Yeah stuff like that can drive any one crazy.

    Regarding my problem got solve a couple of days ago. It was the problem from the third party
    they had some bad hardware installed that messed things up.
    Now I have everything working perfectly :)
    thanks PFSENSE :D


Log in to reply