Hello Brian,

>> "I thought we eliminated pf(4) as the problem.  Technically if you can
negotiate a 3-way handshake and
 establish the TCP socket, MTU should be a non-issue." 

Yes, well, if I disable pf (pf -d) it still does not work...so, you would
say 
that then it cannot be a PF problem... (pass in quick on $ext_if proto tcp
from any to $vpnboxtjec port 22)

I am not quite sure how to use the tun-device ? I included the tcpdump on
the external interface (see below)

# netstat -s | grep -i drop
        0 fragments dropped (duplicates or out of space)
        0 malformed fragments dropped
        0 fragments dropped after timeout
        0 output packets dropped due to no bufs, etc.
        0 packets dropped due to policy
        0 packets were dropped due to full output queue
        14 connections closed (including 5 drops)         < from LAN works
ok, from External I have to cancel
                                                            as nothing
happens (hangs)
        0 embryonic connections dropped
                4 connections dropped by rexmit timeout  < or, if i don't
cancel...it times out
                0 connections dropped by keepalive
                0 dropped due to overflow
                0 dropped due to bucket overflow
                0 dropped due to RST
                0 dropped due to ICMP unreachable
        0 SYNs dropped (no route or no space)
        0 dropped due to no socket
        0 broadcast/multicast datagrams dropped due to no socket
        0 dropped due to missing IPsec protection
        0 dropped due to full socket buffers
        0 packets dropped due to policy
        0 packets were dropped due to full output queue
        0 packets dropped due to policy
        0 packets were dropped due to full output queue
        0 packets were dropped due to full output queue
        0 packets were dropped because of no interface/bridge information
        0 packets dropped due to policy
        0 packets dropped for other reasons
        0 packets dropped due to policy
        0 packets were dropped due to full output queue
        0 fragments dropped (duplicates or out of space)
        0 fragments dropped after timeout
        0 output packets dropped due to no bufs, etc.
        0 messages dropped due to no socket
        0 multicast messages dropped due to no socket
        0 messages dropped due to full socket buffers
#
#
#
# tcpdump -i xl0 port 22
tcpdump: listening on xl0, link-type EN10MB
16:16:17.410743 myhost.name.com.42282 > 22.4.remotehost.name.com.ssh: S
2653143135:2653143135(0) win 64512 <mss 1210,nop,nop,sackOK> (DF)
16:16:17.411290 22.4.remotehost.name.com.ssh > myhost.name.com.42282: S
1958807557:1958807557(0) ack 2653143136 win 16384 <mss 1250,nop,nop,sackOK>
16:16:17.460713 myhost.name.com.42282 > 22.4.remotehost.name.com.ssh: . ack
1 win 65340 (DF)
16:16:17.487840 22.4.remotehost.name.com.ssh > myhost.name.com.42282: P
1:22(21) ack 1 win 16940
16:16:17.541512 myhost.name.com.42282 > 22.4.remotehost.name.com.ssh: P
1:28(27) ack 22 win 65319 (DF)
16:16:17.545681 22.4.remotehost.name.com.ssh > myhost.name.com.42282: P
22:426(404) ack 28 win 16940
16:16:17.608985 myhost.name.com.42282 > 22.4.remotehost.name.com.ssh: P
28:312(284) ack 426 win 64915 (DF)
16:16:17.657875 22.4.remotehost.name.com.ssh > myhost.name.com.42282: P
426:438(12) ack 312 win 16940
16:16:17.819652 myhost.name.com.42282 > 22.4.remotehost.name.com.ssh: . ack
438 win 64903 (DF)
16:16:21.854017 myhost.name.com.42282 > 22.4.remotehost.name.com.ssh: P
312:332(20) ack 438 win 64903 (DF)
16:16:21.855649 22.4.remotehost.name.com.ssh > myhost.name.com.42282: P
438:450(12) ack 332 win 16940
16:16:22.049609 myhost.name.com.42282 > 22.4.remotehost.name.com.ssh: . ack
450 win 64891 (DF)
16:16:25.285174 myhost.name.com.42282 > 22.4.remotehost.name.com.ssh: P
332:732(400) ack 450 win 64891 (DF)
16:16:25.301708 22.4.remotehost.name.com.ssh > myhost.name.com.42282: P
450:462(12) ack 732 win 16940
16:16:25.354857 myhost.name.com.42282 > 22.4.remotehost.name.com.ssh: P
732:784(52) ack 462 win 64879 (DF)
16:16:25.358121 22.4.remotehost.name.com.ssh > myhost.name.com.42282: P
462:474(12) ack 784 win 16940
16:16:25.408989 myhost.name.com.42282 > 22.4.remotehost.name.com.ssh: P
784:796(12) ack 474 win 64867 (DF)
16:16:25.430208 22.4.remotehost.name.com.ssh > myhost.name.com.42282: P
474:678(204) ack 796 win 16940 [tos 0x10]
16:16:26.472279 myhost.name.com.42282 > 22.4.remotehost.name.com.ssh: P
784:796(12) ack 474 win 64867 (DF)
16:16:26.472322 22.4.remotehost.name.com.ssh > myhost.name.com.42282: . ack
796 win 16940 [tos 0x10]
16:16:26.930032 22.4.remotehost.name.com.ssh > myhost.name.com.42282: P
474:678(204) ack 796 win 16940 [tos 0x10]
16:16:28.589784 myhost.name.com.42282 > 22.4.remotehost.name.com.ssh: P
784:796(12) ack 474 win 64867 (DF)
16:16:28.589831 22.4.remotehost.name.com.ssh > myhost.name.com.42282: . ack
796 win 16940 [tos 0x10]
16:16:29.930037 22.4.remotehost.name.com.ssh > myhost.name.com.42282: P
474:678(204) ack 796 win 16940 [tos 0x10]
16:16:33.008505 myhost.name.com.42282 > 22.4.remotehost.name.com.ssh: P
784:796(12) ack 474 win 64867
16:16:33.008557 22.4.remotehost.name.com.ssh > myhost.name.com.42282: . ack
796 win 16940 [tos 0x10]
16:16:35.930049 22.4.remotehost.name.com.ssh > myhost.name.com.42282: P
474:678(204) ack 796 win 16940 [tos 0x10]
16:16:41.862678 myhost.name.com.42282 > 22.4.remotehost.name.com.ssh: P
784:796(12) ack 474 win 64867
16:16:41.862735 22.4.remotehost.name.com.ssh > myhost.name.com.42282: . ack
796 win 16940 [tos 0x10]
16:16:44.721213 myhost.name.com.42282 > 22.4.remotehost.name.com.ssh: P
796:816(20) ack 474 win 64867
16:16:44.740090 22.4.remotehost.name.com.ssh > myhost.name.com.42282: P
678:698(20) ack 816 win 16940 [tos 0x10]
^C
1963 packets received by filter
0 packets dropped by kernel
#
#

"Oh you're fine with pkill -HUP sshd"; 
 > Yes DRAC on my DELL's but no DRAC overthere :-( 

Thing is, its tricky, when I disabled the pf and later enabled it again, I
lost connection.
The VPN then drops, and people get kicked out of there session, yelling in
there language (which
I dont understand luckely :-)





-----Oorspronkelijk bericht-----
Van: Brian A. Seklecki [mailto:[EMAIL PROTECTED] 
Verzonden: dinsdag 6 februari 2007 16:09
Aan: forums
CC: misc@openbsd.org
Onderwerp: Re: SSH client (putty) hangs after name/password login


> Hello Brian,
>
> Not quite sure what you mean with pstree...don't know the command and 
> no 'man pstree' on my 3.8 system..?

It's in the psmisc/ package

> Note that I no problems logging into the system while on the local 
> network (doing this via a PC that I remotely manage). When I do a SSH 
> session (via the VPN
> tunnel) on the INSIDE
> of the OBSD box, I get the same problem....(using the same account).

Okay I must be asleep again.  I thought we eliminated pf(4) as the problem.
Technically if you can negotiate a 3-way handshake and establish the TCP
socket, MTU should be a non-issue.

What about "netstat -s".  Anything suspicious (grep -i drop) for sections
esp: tcp: ip: icmp: etherip:

If you have access via the LAN, what about tcpdump(8) on the tun(4)
interface?

> is
> not the case locaclly....


> Problem here is that this system is 900Km away...if I would stop the 
> SSHD (so i could

Normally I'd say to you "Oh you're fine with pkill -HUP sshd"; but that's
because I'm accustomed to out-of-band management like DRAC and mgetty >:}

~BAS

> restart it with debug options....) I will not be able to reach it 
> anymore :-(

Reply via email to