[Vpn-help] SSH connection hang with beta 2

Matthew Grooms mgrooms at shrew.net
Wed May 9 12:02:16 CDT 2007

Tai-hwa Liang wrote:
>> My gut feeling is that esp packet fragments are not getting back to 
>> the client for re-assembly. Using a "find /" over an ssh connection 
>> makes me think that the bulk of the traffic would be emitted from the 
>> server destined to the ssh client. There wouldn't be much sent back to 
>> the server with the exception of the ssh protocol window adjustments. 
>> I don't think that kind of packet would ever get big enough to warrant 
>> fragmentation. Maybe we can look at some packet dumps to determine for 
>> sure in what direction the tcp stall is happening.
>   Is the Trace Utility included in VPN client enough to get the required 
> dump?
> Otherwise, it looks to me that I have to install ethereal WIN32....


Can you give this build a try, both with and without the MSS clamping 
option enabled on your firewall? It contains a trivial hack to test a 
theory I have.


If that doesn't behave any better, please enable the vpn trace dump of 
the private interface traffic. You will have to restart ipsecd for the 
change to take effect. Narrowing down the problem to as few packets as 
possible would be good.


