[Vpn-help] SSH connection hang with beta 2
Matthew Grooms
mgrooms at shrew.net
Tue May 8 00:59:01 CDT 2007
Tai-hwa Liang wrote:
> On Sun, 6 May 2007, Matthew Grooms wrote:
> [...]
>> With the mss clamping enabled on the firewall, you shouldn't
>> experience any hangs at all due to fragmentation issues with tcp
>> communications. I will do some testing and try to reproduce the issue.
>
> Thank you.
>
Tai-hwa,

I ran a battery of tests with all the combinations I could think of to
reproduce the problem but was unsuccessful. What operating system are
you using on the client side? Are you performing the tests from a cable
or dsl modem over the internet? If so, is there a firewall/router being
used between the client and the gateway?

My gut feeling is that esp packet fragments are not getting back to the
client for re-assembly. Using a "find /" over an ssh connection makes me
think that the bulk of the traffic would be emitted from the server
destined to the ssh client. There wouldn't be much sent back to the
server with the exception of the ssh protocol window adjustments. I
don't think that kind of packet would ever get big enough to warrant
fragmentation. Maybe we can look at some packet dumps to determine for
sure in what direction the tcp stall is happening.

Thanks,

-Matthew