Discussion:
SSH connection hangs on shell commands when used through tinc
Viktors Žilinskis
2008-10-02 15:00:42 UTC
Hello!

I have 3 PCs - Windows, FreeBSD and Ubuntu. FreeBSD runs as a tinc server as
it has a real IP. Ubuntu runs as a tinc client as it has a dynamically
changing public IP. Windows does not have tinc installed yet. Therefore I use
the Putty ssh client to ssh to the FreeBSD machine (as it has a real IP) and
then from there I ssh to the Ubuntu box using its virtual IP. The connection
establishes well, I can ping FreeBSD and Ubuntu virtual IPs in both
directions, no problems so far. But when I use any shell commands which have
significant text output, the ssh connection just hangs. For example, if I
list files in a small directory (5-10) it lists them; if I list a bigger
directory it hangs. It also hangs on other commands, like top. Interestingly
enough, I tried to do that in the opposite direction - connected via ssh to
the FreeBSD box virtual IP from the Ubuntu box, and I could not find a command
which could hang the connection.

I've tried to use different ssh clients, but this does not help. Though I am
not sure, I think there should be something wrong with my tinc setup.

Any ideas?

Best Regards,
--
Viktors Žilinskis
Guus Sliepen
2008-10-02 16:56:25 UTC
> [...] The connection
> establishes well, I can ping FreeBSD and Ubuntu virtual IPs in both
> directions, no problems so far. But when I use any shell commands which have
> significant text output, the ssh connection just hangs. For example, if I
> list files in a small directory (5-10) it lists them; if I list a bigger
> directory it hangs. It also hangs on other commands, like top. Interestingly
> enough, I tried to do that in the opposite direction - connected via ssh to
> FreeBSD box virtual IP from Ubuntu box, and I could not find a command which
> could hang the connection.
>
> I've tried to use different ssh clients, but this does not help. Though I am
> not sure, I think there should be something wrong with my tinc setup.

It sounds like an MTU problem. Either a router is silently dropping packets that
are too large, or it is correctly sending back ICMP Fragmentation Needed
packets and a firewall somewhere is blocking them. Some options to work around
the problem:

- Add "PMTUDiscovery = yes" to your host config files.
- Add "PMTU = 1400" to your host config files, or add "ifconfig $INTERFACE mtu 1400" to the tinc-up scripts.
- Add "TCPOnly = yes" to your host config files.

Of course, the best solution is to fix the offending router/firewall. Let me
know if everything fails.
--
Met vriendelijke groet / with kind regards,
Guus Sliepen <guus at tinc-vpn.org>
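
Added example (not part of the original thread and not tinc's own code): one way to confirm the MTU diagnosis above and pick a value for "PMTU" or the interface mtu is to binary-search the largest echo payload that crosses the path with Don't Fragment set. It assumes Linux iputils ping ("-M do"); the function names are hypothetical, and 10.20.40.2 is the virtual IP from the host file in this thread.

```shell
#!/bin/sh
# Added example: locate the largest packet that survives a path unfragmented.
# Assumption: Linux iputils ping, where "-M do" sets Don't Fragment.
# On FreeBSD the equivalent flag is "ping -D"; adjust probe_df accordingly.

# probe_df HOST SIZE
# Succeeds only if one SIZE-byte ICMP echo with DF set is answered within 2 s.
# A silent drop (blackhole) and a local "message too long" both count as failure.
probe_df() {
    ping -M do -c 1 -W 2 -s "$2" "$1" >/dev/null 2>&1
}

# find_path_mtu HOST [PROBE] [LO] [HI]
# Binary search over the ICMP payload size between LO and HI (defaults cover
# 576..1500-byte IPv4 packets). Prints the resulting MTU, i.e. the largest
# working payload plus 20 bytes IPv4 header and 8 bytes ICMP header.
# Returns 1 if even the smallest probe fails (host down or ICMP echo filtered).
find_path_mtu() {
    host=$1
    probe=${2:-probe_df}
    lo=${3:-548}
    hi=${4:-1472}

    "$probe" "$host" "$lo" || return 1

    while [ "$lo" -lt "$hi" ]; do
        mid=$(( (lo + hi + 1) / 2 ))      # round up so the loop always advances
        if "$probe" "$host" "$mid"; then
            lo=$mid                        # mid passed: the answer is >= mid
        else
            hi=$(( mid - 1 ))              # mid was dropped: the answer is < mid
        fi
    done
    echo $(( lo + 28 ))
}

# Usage: ./pmtu.sh 10.20.40.2   (the peer's virtual IP, probed through the VPN)
if [ "$#" -ge 1 ]; then
    if mtu=$(find_path_mtu "$1"); then
        echo "largest unfragmented packet to $1: $mtu bytes"
    else
        echo "no reply from $1 even at the minimum size" >&2
    fi
fi
```

A result below 1500 on a tunnel interface that is still configured with mtu 1500 matches the symptom in this thread: small replies pass and full-size segments vanish.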
Viktors Žilinskis
2008-10-02 21:54:16 UTC
Hello, Guus!

Thank you for your advice! I used two of the options and it seems that fixed
the problem.

This is how a working host file looks now:

###########################
PMTUDiscovery = yes
TCPOnly = yes
# PMTU = 1400
Compression = 9
Subnet = 10.20.40.2/32
-----BEGIN RSA PUBLIC KEY-----
-----END RSA PUBLIC KEY-----
###########################

Best Regards,
--
Viktors Žilinskis