[Vpn-help] SSH connection hang with beta 2
Tai-hwa Liang
avatar at mmlab.cse.yzu.edu.tw
Fri May 4 02:20:05 CDT 2007
Hello,
After upgrading to 2.0.0 beta 2, our users reported that SSH
connections using PuTTY to LAN servers hang much more regularly than
with 1.1.0.
Windows XP(PuTTY) -> gateway(ipsec-tools-0.6.7) -> LAN server
For example, the data volume generated by running "find /" on the server
can hang PuTTY. Meanwhile, opening a Windows command prompt and running
"ping -t server" on the same box still works.
In addition to that, trying to tweak the "Maximum packet size" in the
client configuration doesn't seem to help resolve this hang.
The gateway has the following relevant settings:
---------------------- begin of racoon.conf ----------------------
remote anonymous {
        # work mode in IKE first phase
        exchange_mode aggressive,main;
        # certificate type, certificate and secret key file name
        certificate_type x509 "host.crt" "host.key";
        ca_type x509 "ca-chain.pem";
        # claiming the options requested by other peer
        proposal_check claim;
        # automatic generation of SPs from the initial connection request
        generate_policy on;
        # enforce peer certificate verification
        verify_cert on;
        # enforce peer identity verification
        verify_identifier on;
        my_identifier asn1dn;
        peers_identifier asn1dn "C=TW, O=Company, CN=testuser";
        # nat-t set to off
        # nat_traversal off;
        # DPD activation and 20 sec. delay allowed between 2 proof of
        # liveness requests
        dpd_delay 20;
        # IKE fragmentation enabled
        ike_frag on;
        # agreement proposal in IKE first phase
        proposal {
                encryption_algorithm aes;
                hash_algorithm sha1;
                authentication_method rsasig;
                dh_group 2;
        }
}

# local network information
mode_cfg {
        # starting address of the IP address pool
        network4 192.168.0.3;
        netmask4 255.255.255.0;
        # maximum number of clients
        pool_size 20;
        # authentication source: user database on the system
        auth_source pam;
        # configuration source: data given in this section
        conf_source local;
        # DNS and WINS servers IP addresses
        dns4 192.168.0.1;
        wins4 192.168.0.1;
        # welcome message
        banner "/etc/racoon/motd";
}

# SA information for IKE second phase
sainfo anonymous {
        pfs_group 2;
        lifetime time 1 hour;
        encryption_algorithm aes, 3des, blowfish 448;
        authentication_algorithm hmac_sha1, hmac_md5;
        compression_algorithm deflate;
}
---------------------- end of racoon.conf ----------------------
Note that the same hang also affects other applications such as
CVS/SVN over an SSH tunnel. Has anyone had a similar experience?
--
Cheers,
Tai-hwa Liang