Ssh inside an ipsec tunnel

linuxgurumaniac · Jan 11, 2012, 9:04 PM

Hello folks,

Recently I got myself a dedicated link between two sites, an internal network through a third party provider.
Though the first that comes to mind is encryption, so I set up two pfsense router one for each site and I setup
ipsec between, it all went smooth no problem here.

Now my problem with when I try to connect through ssh/sftp/scp through the tunnel, the session won't last for
more then couple of seconds before it gets killed and I got a connection closed by server or a broken pipe.

I'm aware that I already have encryption and one might ask why would I need ssh, well I like it, I'm used to it
and I'm not big ftp fan so sftp is my true calling.

Any ideas are welcome.

Notes: -> I'm using the latest version of pfsense 2 on both sides.
-> Ping is always working.
-> The tunnel is always up.
-> Accessing the web server behind the router even through ssl(https) is very smooth.
-> No errors under raccoon.
So basically ssh problem.

marcelloc · Jan 11, 2012, 9:07 PM

Did you checked if you are having routing issues with this ssh server?

ssh server default gateway is pfsense firewall ip?
Do you have same network assigned on both sides?

linuxgurumaniac · Jan 13, 2012, 7:50 AM

@marcelloc:

Did you checked if you are having routing issues with this ssh server?

In concept no, but I did notice then when I try to ssh the web server on site 2 from the
pfsense on site 1 I get a no route to host, although I can ping it from the same pfsense box
and I can access the web server on site 2 from an other pc on the site 1 lan through ssh
for a minimal amount of time(5-10 seconds) before I get disconnected from the host.

@marcelloc:

ssh server default gateway is pfsense firewall ip?

Yes

@marcelloc:

Do you have same network assigned on both sides?

No, Each site has a different subnet.

I you like I can give you a quick sketch of how the network is built.

gordslater · Jan 25, 2012, 2:17 AM

If this happens from only one machine, I've had a faulty NICs (both onboard and PCI/PCI-X) give me SSH broken pipes and strange problems when I ran ncurses commands, top or a command like ls -al with significant return data, yet simple on-liners with no output worked just fine. Drove me crazy each time.

My SSH sessions stay up indefinitely over the VPN otherwise, no problems

linuxgurumaniac · Jan 29, 2012, 3:37 PM

@gordslater:

If this happens from only one machine, I've had a faulty NICs (both onboard and PCI/PCI-X) give me SSH broken pipes and strange problems when I ran ncurses commands, top or a command like ls -al with significant return data, yet simple on-liners with no output worked just fine. Drove me crazy each time.

My SSH sessions stay up indefinitely over the VPN otherwise, no problems

Yeah stuff like that can drive any one crazy.

Regarding my problem got solve a couple of days ago. It was the problem from the third party
they had some bad hardware installed that messed things up.
Now I have everything working perfectly :)
thanks PFSENSE :D