tinc - Oct 2008 - SSH connection hangs on shell commands when used through tinc

Hello!

I have 3 PCs - Windows, FreeBSD and Ubuntu. FreeBSD runs as a tinc server as
it has a real IP. Ubuntu runs as a tinc client as it has a dynamically
changing public IP. Windows has not tinc installed yet. Therefore I use
Putty ssh client to ssh to FreeBSD machine (as it has real IP) and then from
there I ssh to the Ubuntu box using its virtual IP. The connection
establishes well, I can ping FreeBSD and Ubuntu virtual IPs in both
directions, no problems so far. But when I use any shell commands which have
significant text output, the ssh connection just hangs. For example, if I
list files in a small direcotry (5-10) it lists them, If i list a bigger
directory it hangs. It also hangs on other commands, like top. Interestingly
enough, I tried to do that in the opposite direction - connected via ssh to
FreeBSD box virtual IP from Ubuntu box, and I could not find a command which
could hang the connection.

I've tried to use different ssh clients, but this does not help. Though I am
not sure, I think there  should be something wrong with my tinc setup.

Any ideas?

Best Regards,
-- 
Viktors ?ilinskis
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
http://www.tinc-vpn.org/pipermail/tinc/attachments/20081002/f406ce5b/attachment.htm

On Thu, Oct 02, 2008 at 06:00:42PM +0300, Viktors ?ilinskis wrote:
> [...] The connection
> establishes well, I can ping FreeBSD and Ubuntu virtual IPs in both
> directions, no problems so far. But when I use any shell commands which
have
> significant text output, the ssh connection just hangs. For example, if I
> list files in a small direcotry (5-10) it lists them, If i list a bigger
> directory it hangs. It also hangs on other commands, like top.
Interestingly
> enough, I tried to do that in the opposite direction - connected via ssh to
> FreeBSD box virtual IP from Ubuntu box, and I could not find a command
which
> could hang the connection.
> 
> I've tried to use different ssh clients, but this does not help. Though
I am
> not sure, I think there  should be something wrong with my tinc setup.
It sounds like a MTU problem. Either a router is silently dropping packets that
are too large, or it is correctly sending back ICMP Fragmentation Needed
packets and a firewall somewhere is blocking them. Some options to work around
the problem:

- Add "PMTUDiscovery = yes" to your host config files.
- Add "PMTU = 1400" to your host config files, or add "ifconfig
$INTERFACE mtu 1400" to the tinc-up scripts.
- Add "TCPOnly = yes" to your host config files.

Of course, the best solution is to fix the offending router/firewall. Let me
know if everything fails.

-- 
Met vriendelijke groet / with kind regards,
     Guus Sliepen <guus at tinc-vpn.org>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: Digital signature
Url :
http://www.tinc-vpn.org/pipermail/tinc/attachments/20081002/87267c56/attachment.pgp

Hello, Guus!

Thank you for your advice! I used two of the options and it seems that fixed
the problem

This is how a working host file looks now:

###########################
*PMTUDiscovery = yes*
*TCPOnly = yes*
# PMTU = 1400
Compression = 9
Subnet = 10.20.40.2/32
-----BEGIN RSA PUBLIC KEY-----
-----END RSA PUBLIC KEY-----
###########################

Best Regards,
-- 
Viktors ?ilinskis
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
http://www.tinc-vpn.org/pipermail/tinc/attachments/20081003/ac9c241d/attachment.htm