Openswan seems to kill my ssh sessions

Posted on 2009-02-11
Last Modified: 2012-06-27
I'm configuring OpenSWAN for the first time. I'm obviously progressing with a little trial and error but I think I'm largely getting there with my config. I'm setting up a private link to another server but still require internet access for VoIP & ssh.

When I start openswan my ssh session freezes. If I log in with a screen/keyboard directly I can stop ipsec and the ssh session (without logging off) just starts working again. I have disabled opportunistic encryption (verified by 'ipsec verify').

Is there something blindingly obvious that causes the active ssh session to freeze (and hangs on any new ssh attempts)? Does anyone have any pointers please? As my dedicated server is hosted I have to keep getting them to attach a screen/keyboard during my experimentation. Needless to say they're probably sticking pins into a wax model of me by now ...

Thanks in advance.
Question by: davidwylie

    Expert Comment

    You're establishing an SSH session to a remote computer that isn't through a tunnel. Then in your SSH session, you're starting an ipsec host to host tunnel between the remote computer and yours, and then having your SSH session hang? That seems normal to me.

    When you can't establish any new SSH session with the tunnel up, can you send any traffic to the remote server? Is it really just SSH that doesn't work through the tunnel?

    Author Comment

    Hi there.
    Thanks for responding. The ssh session is not over the tunnel, it's over the public internet and needs to remain that way. The tunnel is only for one specific connection to a supplier. I thought the VPN would be its own little entity not affecting the rest of the box.

    The tunnel itself is probably not working properly yet either, but as you can imagine it's hard to test when the server is remote and my ssh session doesn't survive ipsec starting.

    Accepted Solution

    When you can't establish any new SSH session with the tunnel up, can you send any traffic to the remote server? Is it really just SSH that doesn't work through the tunnel?

    Also, I may need to see your unmunged routing tables and ipsec configuration to help you accomplish what you're trying to do. Is that something you're comfortable posting?

    Author Comment

    Hi there.
    Apologies for not getting back. I have actually solved this now by using racoon. The problem just didn't happen when I did this, so it either came out in the wash or racoon works differently.

    Not quite sure how to close this one off. I'll accept your solution, as you at least tried to help!

    I am having another problem with phase 2 auth which I'll post in another thread if you're able to help.

