Topic: weird SSH over IPSEC VPN not problem (Read 2768 times)
tsupport (Newbie, Posts: 6, Karma: 0), on: November 11, 2019, 03:06:19 am
Hi,
I have set up a Site to Site IPSEC VPN connection and I can access machines and ping clients on both sides. I can access the web interface of OPNsense on both sides, but if I try to SSH to a Linux machine I get the login prompts and then it just hangs. Sometimes I eventually get the welcome text and then the prompt, but then it drops out and stops working with a timeout error.
What is weird is that when I try it from the remote site, to SSH back into a Linux machine, it works.
I don't have any firewall rules between the connections; I just allow all.
I have tried normalization to set the MSS on the IPSec connection to 1400.
I have tried from multiple machines.
I have also tried to SSH into the OPNsense firewall and some switches and they fail as well.
I'm stuck and not sure what else I can change or look at, any suggestions?
mimugmail (Hero Member, Posts: 6766, Karma: 494), Reply #1 on: November 11, 2019, 06:02:03 am
Can you try MSS 1300 on LAN interface?
WWW: www.routerperformance.net
Support plans: https://www.max-it.de/en/it-services/opnsense/
Commercial Plugins (German): https://opnsense.max-it.de/
tsupport (Newbie, Posts: 6, Karma: 0), Reply #2 on: November 11, 2019, 11:15:37 pm
Hi,
Thanks for the reply. I applied an MSS of 1300 on both LAN ports on each side of the VPN but it still did not work.
I also tried telnet this morning to check and it fails with the same issue of just taking a long time and then eventually timing out. Other traffic is OK though: VNC, web and Windows file sharing are OK.
I'm not sure if the MSS took effect, as when I ping with a size it's larger than 1300. One thing I did notice is that Side A of the VPN can ping Side B with a packet size of 1473, whereas Side B can only ping Side A with a packet size of 1342. Could this be causing the issue?
mimugmail (Hero Member, Posts: 6766, Karma: 494), Reply #3 on: November 12, 2019, 08:43:38 am
MSS is only for TCP. That's why.
Can you try to disable scrubbing?
tsupport (Newbie, Posts: 6, Karma: 0), Reply #4 on: November 13, 2019, 12:03:14 am
Hi,
I disabled scrubbing under Firewall > Settings > Normalization but that broke communication; I could ping but I couldn't access any other services.
tsupport (Newbie, Posts: 6, Karma: 0), Reply #5 on: November 22, 2019, 01:00:23 am
Hi,
I ended up dumping the IPSEC VPN and set up an OpenVPN STS connection and everything just worked. I didn't need to change the MSS, and we were also facing an issue with dropouts when idle, which was also fixed.
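Added example, not written by anyone in this thread: reply #2 compares ping sizes in each direction and reply #3 points out that MSS applies only to TCP. The script below measures the largest ICMP payload a path carries with the Don't Fragment bit set and converts it to the path MTU and the TCP MSS that fits; the function names, the 1472-byte ceiling (1500-byte Ethernet) and IPv4 headers without options are assumptions of this example.

```sh
#!/bin/sh
# Added example: find the largest ICMP payload that crosses a path with the
# Don't Fragment bit set, then derive the path MTU and matching TCP MSS.
# Function names and the 1472-byte ceiling (1500-byte Ethernet) are assumptions.

# probe SIZE HOST: succeeds if one DF-set echo with SIZE payload bytes is answered.
# Linux iputils syntax; on FreeBSD/OPNsense use: ping -D -c 1 -t 2 -s "$1" "$2"
probe() {
    ping -M do -c 1 -W 2 -s "$1" "$2" >/dev/null 2>&1
}

# max_payload HOST [LOW] [HIGH]: binary search between LOW and HIGH for the
# largest payload that passes probe. Returns 1 if even LOW gets no reply.
max_payload() {
    host=$1
    lo=${2:-0}
    hi=${3:-1472}
    probe "$lo" "$host" || return 1
    while [ "$lo" -lt "$hi" ]; do
        mid=$(( (lo + hi + 1) / 2 ))      # round up so the loop always advances
        if probe "$mid" "$host"; then
            lo=$mid                       # mid fits: answer is mid or larger
        else
            hi=$(( mid - 1 ))             # mid is dropped: answer is smaller
        fi
    done
    echo "$lo"
}

# ICMP payload + 8 (ICMP header) + 20 (IPv4 header, no options) = path MTU
path_mtu() { echo $(( $1 + 28 )); }

# path MTU - 20 (IPv4 header) - 20 (TCP header) = largest MSS that fits
mss_for_payload() { echo $(( $1 + 28 - 40 )); }

# Usage: sh pmtu.sh HOST   (run once from each side; the two paths can differ)
if [ "$#" -ge 1 ]; then
    p=$(max_payload "$1") || { echo "no reply from $1" >&2; exit 1; }
    echo "payload=$p path_mtu=$(path_mtu "$p") tcp_mss=$(mss_for_payload "$p")"
fi
```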