[wplug] ssh with VPN question

Rick Reynolds rick at rickandviv.net
Fri Mar 19 21:00:18 EDT 2010 

Interesting.  When I attempt pinging of the outside world and servers inside my company's network while the VPN is up, there is a substantial delay.  But pinging of the Linux machine that is connected to the VPN from another machine on my network is fast.

Thanks,
Rick Reynolds
-- 
"You know what the three big lies are, don't you? 'The check is in the mail,' 'I'll still respect you in the morning,' and 'the Keyboard will be out in the spring.'" -- Jay Leno at the Mattel Electronics 1981 Christmas party


On Mar 19, 2010, at 8:57 PM, Rick Reynolds wrote:

> Hmm... Not too sure about that.  Ping commands return very quickly when I use the name.
> 
> Thanks,
> Rick Reynolds
> -- 
> "Your brain's operating system isn't written in C++" -- Steve Yegge
> 
> 
> 
> 
> On Mar 19, 2010, at 8:16 PM, Moshe Hyzon wrote:
> 
>> I bet you it is dns lookups timing out.  After you connect to the VPN,  
>> the Linux box's Dns servers change to your work servers, so lookups  
>> for your mac's address fail after a timeout.
>> 
>> Moshe
>> 
>> --
>> Moshe Hyzon (Mobile)
>> 
>> This email may contain confidential information. Please delete it if  
>> you are not the intended recipient.
>> 
>> On Mar 19, 2010, at 19:06, Rick Reynolds <rick at rickandviv.net> wrote:
>> 
>>> My work only allows connection via VPN.  My main machine is a Mac  
>>> which they won't support.
>>> 
>>> They do support Linux connections to the VPN, however.  So I'm  
>>> working on a system whereby I connect to work via a CentOS Linux box  
>>> and then use ssh tunneling through that box to get to services  
>>> within my company's network.
>>> 
>>> It all works just fine.  Except that ssh is VERY SLOW to make the  
>>> connection while the VPN is up.
>>> 
>>> So what I'm seeing:
>>> 
>>> 1. I ssh to the Linux box (which connects just about immediately)  
>>> and start the command line VPN client.
>>> 2. I then attempt another ssh connection to the Linux box and it  
>>> takes a little over 1 minute to make the ssh connection (I measured  
>>> 1:12).
>>> 
>>> If I turn off the VPN connection to work, ssh is fast again.
>>> 
>>> It looks like it is the ssh protocol itself that is seeing a  
>>> slowdown.  When I add -vv to my ssh command line, it spews a bunch  
>>> of debug info and stops at this point for some seconds:
>>> 
>>> debug1: SSH2_MSG_SERVICE_ACCEPT received
>>> debug2: key: /Users/rick/.ssh/id_rsa (0x100125a40)
>>> debug2: key: /Users/rick/.ssh/id_dsa (0x100125e70)
>>> debug1: Authentications that can continue: publickey,gssapi-with- 
>>> mic,password
>>> debug1: Next authentication method: publickey
>>> debug1: Offering public key: /Users/rick/.ssh/id_rsa
>>> debug2: we sent a publickey packet, wait for reply
>>> 
>>> Then at this point:
>>> 
>>> debug1: Server accepts key: pkalg ssh-rsa blen 277
>>> debug2: input_userauth_pk_ok: fp 6c:24:7d:03:3c:fd:3b: 
>>> 0f:c5:76:e0:a9:ef:81:e2:e6
>>> debug1: read PEM private key done: type RSA
>>> 
>>> Then here for the bulk of the time:
>>> 
>>> debug1: Authentication succeeded (publickey).
>>> debug1: channel 0: new [client-session]
>>> debug2: channel 0: send open
>>> debug1: Entering interactive session.
>>> 
>>> Then another stop after this:
>>> 
>>> debug2: callback start
>>> debug2: client_session2_setup: id 0
>>> debug2: channel 0: request pty-req confirm 1
>>> debug1: Sending environment.
>>> debug2: channel 0: request shell confirm 1
>>> debug2: fd 3 setting TCP_NODELAY
>>> debug2: callback done
>>> debug2: channel 0: open confirm rwindow 0 rmax 32768
>>> debug2: channel_input_status_confirm: type 99 id 0
>>> debug2: PTY allocation request accepted on channel 0
>>> debug2: channel 0: rcvd adjust 2097152
>>> debug2: channel_input_status_confirm: type 99 id 0
>>> debug2: shell request accepted on channel 0
>>> 
>>> And then this message comes out with another delay:
>>> 
>>> Last login: Fri Mar 19 18:52:16 2010 from jordan
>>> 
>>> And then I'm logged in.
>>> 
>>> Any ideas on how I can debug this?
>>> 
>>> 
>>> Thanks,
>>> Rick Reynolds
>>> -- 
>>> I had a dream that I was eating my pillow, and in the morning my  
>>> giant marshmallow was gone!
>>> 
>>> 
>>> _______________________________________________
>>> wplug mailing list
>>> wplug at wplug.org
>>> http://www.wplug.org/mailman/listinfo/wplug
>> _______________________________________________
>> wplug mailing list
>> wplug at wplug.org
>> http://www.wplug.org/mailman/listinfo/wplug
> 
> _______________________________________________
> wplug mailing list
> wplug at wplug.org
> http://www.wplug.org/mailman/listinfo/wplug

More information about the wplug mailing list