similar to: Strange behaviour of ssh client on arch

https://bugzilla.mindrot.org/show_bug.cgi?id=2674 Bug ID: 2674 Summary: [CONFIRMED] channel 4: open failed: administratively prohibited: open failed Product: Portable OpenSSH Version: 7.4p1 Hardware: Other OS: OpenBSD Status: NEW Severity: minor Priority: P5

here's an up-to-date patch, should apply to both openbsd and non-openbsd versions of openssh. i did only test ipv4 addresses. Index: channels.c =================================================================== RCS file: /cvs/src/usr.bin/ssh/channels.c,v retrieving revision 1.191 diff -u -r1.191 channels.c --- channels.c 24 Jun 2003 08:23:46 -0000 1.191 +++ channels.c 25 Jun 2003 12:14:19

Is there a way to get rid of all the routes in a routing table ? This is more or less what I do: route add 146.64.80.0/24 192.168.0.100 route add 146.141.0.0 -interface tun1 route add 146.182.0.0 -interface tun1 route add 146.230.0.0 -interface tun1 netstat -rn inet 146.64.80.0/24 192.168.0.100 UGS 0 0 sis0 146.141.0.0/16 tun1 US 0

Hi all, I followed the guide "simple-bridging-with-dhcp", which has two parts: http://www.tinc-vpn.org/examples/simple-bridging-with-dhcp-server-side/ http://www.tinc-vpn.org/examples/simple-bridging-with-dhcp-client-side/ I have altered two things to fit my needs, 1) DHCP server(host:pek1) is on client side ethernet, so I have bridged eth0 and tun1 together; 2) Network/Server/Client

> Winton-- > > Excellent! Absolutely wonderful. > > I'm wondering which apps/encapsulators support 4A? This gets me > around > the DNS leakage problem quite nicely. > > Incidentally, we do need SOCKS5 support -- if for no other > reason, the > fact that there's *operating system* level support in OSX for SOCKS5 > redirection. So

On Fri, May 11, 2001 at 04:26:57PM -0400, Ault, James R (CRD) wrote: > I was reading the changelog from version 2.9 that was recently released, and I coudln't help noticing > this item: > > from openssh changelog: > > - markus at cvs.openbsd.org 2001/04/17 12:55:04 > [channels.c ssh.c] > undo socks5 and https support since they are not really used and >

Will this (in theory) work, or have I been around too much magic smoke that has escaped from fried equipment??? I have a system with two different internet connections. One connection is a WISP via an external bridging radio (ethernet to proprietary wireless back haul). The other connection is PPPoE ADSL via the local phone company. (I think) I am wanting to use equal cost multi path

Hi, I'm trying a VPN via ssh between Linux (Suse 10.3, 5.0) and OpenBSD (4.2, 4.7). But it doesn't work... On Linux: sudo ssh -v -f -w 0:1 $OPENBSD true sudo /sbin/ifconfig tun0 10.1.1.1 10.1.1.2 sudo /sbin/route add -net 192.168.17.0 netmask 255.255.255.0 dev tun0 On OBSD: sudo ifconfig tun1 10.1.1.2 10.1.1.1 netmask 255.255.255.0 sudo /sbin/route add 10.0.3.0/24 10.1.1.1 And add a

My desire is to form a connection from my laptop running ubuntu to a SOCKS5 server listed on the Internet. I have read the Ubuntu man page on OpenSSH client program. The description indicates that I have to connect to given host name (assumed to be an ip address?) with optional username. I want the server receive my Internet traffic in SOCKS5 protocol and respond to my computer the requested

I love SSH's ability to dynamically forward ports using SOCKS (either -D or DynamicForward) (ie "ssh -D 1081 private.mine.net"). But the thing that has caused me some pain, is that only SOCKS4 is supported. The SOCKS4 proxy specification does not permit hostnames, but only IP addresses. This isn't much of a problem if the target host is a public Internet host or otherwise DNS

https://bugzilla.mindrot.org/show_bug.cgi?id=1383 Summary: Tons of "rcvd too much data win" messages since upgrading to 4.7p1 Classification: Unclassified Product: Portable OpenSSH Version: 4.7p1 Platform: ix86 OS/Version: Linux Status: NEW Severity: normal Priority: P2

Attached is a very small patch that allows the ssh clients to use the socks5 library. It should work with socks4 but is untested. Tested on linux only configure --with-socks configure --with-socks5 Also included is a configure option to disable scp statistics --disable-scp-stats modified files openssh-2.9.9p2/acconfig.h openssh-2.9.9p2/channels.c openssh-2.9.9p2/configure.in

Hi! Can I create the unnumbered GRE tunnel with iproute2 utility? Can someone provide me a link/howto/example_config how to do it? The topology is one tunnel between two linux boxes: -- eth1-|__|-eth0 <-------------> eth0-|__|-eth1 -- I''m trying now with: ip tu add tun1 mode gre local loc.IP remote rem.IP ttl 255 dev eth0 ip addr add tun1 0.0.0.0 ip link set tun1 up but it

Le mercredi 18 janvier 2017 ? 8:55 +1100, Darren Tucker a ?crit : > On Tue, Jan 17, 2017 at 07:42:50AM -0800, Ron Frederick wrote: Thank you for your answers. > [...] > > One thing that makes UDP over SOCKS more complicated for SSH is that > > SOCKS normally keeps the UDP packets it forwards as UDPl, just adding > > a small header to each packet. If you want to get the

Le mardi 17 janvier 2017 ? 9:20 +1100, Darren Tucker a ?crit : > On Tue, Jan 17, 2017 at 1:30 AM, Romain Vimont <rom at rom1v.com> wrote: > [...] > > As a consequence, in particular, a SOCKS5 server started with "ssh -D" > > cannot proxify UDP packets. > > > > Are there deep reasons why OpenSSH does not implement them (security, or > >

[192.168.0.0/24 Lan] v [Shorewall box ''Curtain'', 192.168.0.254, DHCP to ISP, and a OpenVPN tunnel 10.4.0.2] v [Internet] v [Shorewall box ''statler'' 130.241.25.165, and an OpenVPN tunnel 10.4.0.1] Now, i have set a rule on statler ACCEPT vpn $FW tcp smtp and i have as below. root@statler:/etc/shorewall# cat zones | grep -v ^# net Net Internet

On Tue, Oct 27, 2015 at 02:08:36PM +0100, Guus Sliepen wrote: > > I wonder why tinc tries to resolve host names before connection even > > with configured (socks5) proxy which fails behind restrictive firewalls. > > [...] I'll try to change tinc so it will allow connections via SOCKS5 > even if it cannot resolve the hostname itself. I added the ability for tinc to

On Tue, Oct 27, 2015 at 12:33:35PM +0000, Uwe Werler wrote: > I wonder why tinc tries to resolve host names before connection even > with configured (socks5) proxy which fails behind restrictive firewalls. You are right that it shouldn't be necessary to do this with SOCKS5. With SOCKS4, it needs to know the exact address, and then I just used that for SOCKS5 as well. > Is there

Hello Guus, thanks for Your fast reply. Does it mean only socks is affected and http proxy should work? If this is the case then this may be a temp. solution. Thanks and regards! Uwe Am 27.10.2015 14:08:36, schrieb Guus Sliepen: > On Tue, Oct 27, 2015 at 12:33:35PM +0000, Uwe Werler wrote: > > > I wonder why tinc tries to resolve host names before connection even > > with

If an ssh server receives a tun/tap tunnel request and sets up the tunnel concerned, as far as I can see there is currently no way for the server to configure the tunnel in a manner dependent upon (e.g) the key used to set up the ssh session. Whilst an id based on the key can be passed to the ssh child process, where the tunnel is dynamically allocated, its tunnel name is lost. This patch