On 18/9/22 15:26, n952162 wrote:
> Hello all,
>
> I want to ssh over my openvpn connection, and I can't do it, the
> connection times out.
>
> I saw a reference to gentoo in the openvpn scripts in /etc/openvpn and
> thought maybe somebody here knows something about this.
>
> Earlier my institution recommended openconnect, and I was able to use
> ssh to log in to a host with no problem.
>
> Then, for some reason (licensing?), we were switched to openvpn, which
> works for xfreerdp but not for ssh.
>
> I don't have control over the institution's firewall (but I do have for
> the host itself)
>
> Perhaps when installing the new service, they tightened up the firewall
> rules. But maybe there's a configuration screw I can turn, or ... maybe
> a USE flag?
>
> - - down-root : Enable the down-root plugin
> - - examples : Install examples, usually source code
> - - inotify : Enable inotify filesystem monitoring support
> - - iproute2 : Enabled iproute2 support instead of net-tools
> + + lz4 : Enable support for lz4 compression (as implemented in app-arch/lz4)
> + + lzo : Enable support for lzo compression
> - - mbedtls : Use mbed TLS as the backend crypto library
> + + openssl : Use OpenSSL as the backend crypto library
> + + pam : Add support for PAM (Pluggable Authentication Modules) - DANGEROUS to arbitrarily flip
> - - pkcs11 : Enable PKCS#11 smartcard support
> + + plugins : Enable the OpenVPN plugin system
> - - systemd : Enable use of systemd-specific libraries and features like socket activation or session tracking
> - - test : Enable dependencies and/or preparations necessary to run tests (usually controlled by FEATURES=test but can be toggled independently)
>
> TIA
>
ssh and openvpn work well together. However I am doing most of the work
using my own configs - gentoo tries to be too clever with its vpn
networking and I've never been able to get it to work
reliably/acceptably. On some sites I have to use port 443 (https) to
get through, and in extreme cases double wrap in ssl (using a mix of
proxytunnel (windows host), stunnel and sslh) to disguise it's a vpn but
still separate it from regular https traffic on my firewall. You will
need to figure out where the ssh is getting blocked/stripped out - is
openvpn your endpoint or theirs?

BillK