1 |
Am 10.10.2013 10:30, schrieb Adam Carter: |
2 |
> On the ipfire router. A quick google turns up commands like: ip route get |
3 |
> <IP> and ip route list cache match <IP> and if a redirected route exists, |
4 |
> it is labelled that way in the output of such commands. |
5 |
> |
6 |
> If this is happening, it will be triggered by any traffic is forwarded to |
7 |
> 10.96.25.1. Also, it shouldnt cause any problems. Other than a traceroute |
8 |
> output not quite being what you expect, is there any problem? If |
9 |
> everything's good dont worry about it (unless your curiosity is piqued). |
10 |
|
11 |
Unfortunately not everything is good. I get strange timeouts for libvirt |
12 |
connections and also for scp ... what is special is that I can ssh the |
13 |
servers there quite stable ... same VPN, same config. |
14 |
|
15 |
For example I try to scp a small regfile: |
16 |
|
17 |
|
18 |
Authenticated to 10.96.25.130 ([10.96.25.130]:22). |
19 |
debug1: HPN to Non-HPN Connection |
20 |
debug1: Final hpn_buffer_size = 2097152 |
21 |
debug1: HPN Disabled: 0, HPN Buffer Size: 2097152 |
22 |
debug1: channel 0: new [client-session] |
23 |
debug1: Enabled Dynamic Window Scaling |
24 |
|
25 |
debug1: Entering interactive session. |
26 |
debug1: Sending command: scp -v -t -- /tmp |
27 |
Sending file modes: C0644 6943 sgw.reg |
28 |
Sink: C0644 6943 sgw.reg |
29 |
sgw.reg |
30 |
100% 6943 6.8KB/s |
31 |
6.8KB/s 00:00 |
32 |
debug1: client_input_channel_req: channel 0 rtype keepalive@×××××××.com |
33 |
reply 1 |
34 |
debug1: client_input_channel_req: channel 0 rtype keepalive@×××××××.com |
35 |
reply 1 |
36 |
debug1: client_input_channel_req: channel 0 rtype keepalive@×××××××.com |
37 |
reply 1 |
38 |
Received disconnect from 10.96.25.130: 2: Timeout, your session not |
39 |
responding. |
40 |
lost connection |
41 |
|
42 |
|
43 |
I even downgraded to openssh-5.9 here just to rule out the unstable 6.2 |
44 |
(with 6.2 I am not even able to ssh ...) |
45 |
|
46 |
I just wrote my related questions to my contact there and wait for him |
47 |
to forward them to the internal network admins. |
48 |
|
49 |
Maybe the routing back to their IPSEC-gw is flaky or something ... |
50 |
|
51 |
S |