  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1002

Openswan seems to kill my ssh sessions

I'm configuring OpenSWAN for the first time. I'm obviously progressing with a little trial and error but I think I'm largely getting there with my config. I'm setting up a private link to another server but still require internet access for VoIP & ssh.

When I start openswan my ssh session freezes. If I log in with a screen/keyboard directly I can stop ipsec and the ssh session (without logging off) just starts working again. I have disabled opportunistic encryption (verified by 'ipsec verify').

Is there something blindingly obvious that causes the active ssh session to freeze (and hangs on any new ssh attempts)? Does anyone have any pointers please? As my dedicated server is hosted I have to keep getting them to attach a screen/keyboard during my experimentation. Needless to say they're probably sticking pins into a wax model of me by now ...

Thanks in advance.
Asked:
davidwylie
 
AdamsConsulting Commented:
You're establishing an SSH session to a remote computer that isn't through a tunnel. Then in your SSH session, you're starting an ipsec host to host tunnel between the remote computer and yours, and then having your SSH session hang? That seems normal to me.

When you can't establish any new SSH session with the tunnel up, can you send any traffic to the remote server? Is it really just SSH that doesn't work through the tunnel?
 
davidwylie (Author) Commented:
Hi there.
Thanks for responding. The ssh session is not over the tunnel, it's over the public internet and needs to remain that way. The tunnel is only for one specific connection to a supplier. I thought the VPN would be its own little entity not affecting the rest of the box.

The tunnel itself is probably not working properly yet either, but as you can imagine it's hard to test when the server is remote and my ssh session doesn't survive ipsec starting.
 
AdamsConsulting Commented:
When you can't establish any new SSH session with the tunnel up, can you send any traffic to the remote server? Is it really just SSH that doesn't work through the tunnel?

Also, I may need to see your unmunged routing tables and ipsec configuration to help you accomplish what you're trying to do. Is that something you're comfortable posting?
 
davidwylie (Author) Commented:
Hi there.
Apologies for not getting back. I have actually solved this now by using racoon. The problem just didn't happen when I did this, so it either came out in the wash or racoon works differently.

Not quite sure how to close this one off. I'll accept your solution, as you at least tried to help!

I am having another problem with phase 2 auth which I'll post in another thread if you're able to help.

Cheers,
