[wplug] ssh with VPN question

Rick Reynolds rick at rickandviv.net
Fri Mar 19 20:57:54 EDT 2010


Hmm... Not too sure about that.  Ping commands return very quickly when I use the name.

Thanks,
Rick Reynolds
-- 
"Your brain's operating system isn't written in C++" -- Steve Yegge




On Mar 19, 2010, at 8:16 PM, Moshe Hyzon wrote:

> I bet you it is DNS lookups timing out.  After you connect to the VPN,  
> the Linux box's DNS servers change to your work servers, so lookups  
> for your Mac's address fail after a timeout.
> 
> Moshe
> 
> --
> Moshe Hyzon (Mobile)
> 
> This email may contain confidential information. Please delete it if  
> you are not the intended recipient.
> 
> On Mar 19, 2010, at 19:06, Rick Reynolds <rick at rickandviv.net> wrote:
> 
>> My work only allows connection via VPN.  My main machine is a Mac  
>> which they won't support.
>> 
>> They do support Linux connections to the VPN, however.  So I'm  
>> working on a system whereby I connect to work via a CentOS Linux box  
>> and then use ssh tunneling through that box to get to services  
>> within my company's network.
>> 
>> It all works just fine.  Except that ssh is VERY SLOW to make the  
>> connection while the VPN is up.
>> 
>> So what I'm seeing:
>> 
>> 1. I ssh to the Linux box (which connects just about immediately)  
>> and start the command line VPN client.
>> 2. I then attempt another ssh connection to the Linux box and it  
>> takes a little over 1 minute to make the ssh connection (I measured  
>> 1:12).
>> 
>> If I turn off the VPN connection to work, ssh is fast again.
>> 
>> It looks like it is the ssh protocol itself that is seeing a  
>> slowdown.  When I add -vv to my ssh command line, it spews a bunch  
>> of debug info and stops at this point for some seconds:
>> 
>> debug1: SSH2_MSG_SERVICE_ACCEPT received
>> debug2: key: /Users/rick/.ssh/id_rsa (0x100125a40)
>> debug2: key: /Users/rick/.ssh/id_dsa (0x100125e70)
>> debug1: Authentications that can continue: publickey,gssapi-with-mic,password
>> debug1: Next authentication method: publickey
>> debug1: Offering public key: /Users/rick/.ssh/id_rsa
>> debug2: we sent a publickey packet, wait for reply
>> 
>> Then at this point:
>> 
>> debug1: Server accepts key: pkalg ssh-rsa blen 277
>> debug2: input_userauth_pk_ok: fp 6c:24:7d:03:3c:fd:3b:0f:c5:76:e0:a9:ef:81:e2:e6
>> debug1: read PEM private key done: type RSA
>> 
>> Then here for the bulk of the time:
>> 
>> debug1: Authentication succeeded (publickey).
>> debug1: channel 0: new [client-session]
>> debug2: channel 0: send open
>> debug1: Entering interactive session.
>> 
>> Then another stop after this:
>> 
>> debug2: callback start
>> debug2: client_session2_setup: id 0
>> debug2: channel 0: request pty-req confirm 1
>> debug1: Sending environment.
>> debug2: channel 0: request shell confirm 1
>> debug2: fd 3 setting TCP_NODELAY
>> debug2: callback done
>> debug2: channel 0: open confirm rwindow 0 rmax 32768
>> debug2: channel_input_status_confirm: type 99 id 0
>> debug2: PTY allocation request accepted on channel 0
>> debug2: channel 0: rcvd adjust 2097152
>> debug2: channel_input_status_confirm: type 99 id 0
>> debug2: shell request accepted on channel 0
>> 
>> And then this message comes out with another delay:
>> 
>> Last login: Fri Mar 19 18:52:16 2010 from jordan
>> 
>> And then I'm logged in.
>> 
>> Any ideas on how I can debug this?
>> 
>> 
>> Thanks,
>> Rick Reynolds
>> -- 
>> I had a dream that I was eating my pillow, and in the morning my  
>> giant marshmallow was gone!
>> 
>> 
> _______________________________________________
> wplug mailing list
> wplug at wplug.org
> http://www.wplug.org/mailman/listinfo/wplug
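
One way to test the DNS-timeout suggestion in this thread, as an added example that is not from any of the posters: time the reverse lookup of the ssh client's address and the forward lookup of the name it returns, on the Linux box, with the VPN down and again with it up. It assumes sshd resolves the connecting client's address at login (for example with UseDNS enabled); the function names and the 2-second threshold are illustrative choices.

```python
import socket
import sys
import time


def timed(lookup, arg):
    """Call lookup(arg); return (elapsed seconds, result or None if it failed)."""
    start = time.monotonic()
    try:
        result = lookup(arg)
    except OSError:  # socket.herror, socket.gaierror and timeouts derive from OSError
        result = None
    return time.monotonic() - start, result


def check_client(ip, reverse=socket.gethostbyaddr,
                 forward=socket.gethostbyname, slow_after=2.0):
    """Time the reverse lookup of ip and the forward lookup of the name found.

    slow_after is an assumed threshold in seconds, not a value from the thread.
    """
    rev_secs, rev = timed(reverse, ip)
    report = {"ip": ip, "reverse_seconds": rev_secs,
              "name": rev[0] if rev else None,
              "forward_seconds": 0.0, "forward_matches": False}
    if rev:
        fwd_secs, addr = timed(forward, rev[0])
        report["forward_seconds"] = fwd_secs
        report["forward_matches"] = addr == ip
    report["slow"] = max(rev_secs, report["forward_seconds"]) >= slow_after
    return report


if __name__ == "__main__":
    # Run on the Linux box, once with the VPN down and once with it up,
    # passing the address the ssh client connects from.
    client_ip = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    for key, value in check_client(client_ip).items():
        print(f"{key}: {value}")
```

A reverse lookup that is quick with the VPN down and takes many seconds (or fails after a long wait) with it up points at the resolver change; similar timings in both states point elsewhere.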


