
#1 2018-06-07 15:30:39

dalu
Member
Registered: 2014-04-16
Posts: 77

Weird problem with ssh over vpn over 4G and gnome-shell

Where should I start...

I'm currently in Croatia.
There I had HRTelekom VDSL line 14/1 MBit/s.
2 days ago my order of Tele2 LTE/4G arrived with a ZTE MF286 router.

At home in Germany I have a Fritz!Box 7590 acting as a VPN server.
It's using deprecated xauth+psk and I can establish a connection with vpnc and NetworkManager.
I was able to establish that connection over the Telekom DSL
and I'm able to establish that connection over Tele2 LTE.

Router firewall is disabled.
It was enabled at some point with default policy accept.

Oh yeah I also have a Smartphone (Samsung S5 with LineageOS).

Now for the ssh connection.

The router has the IP 192.168.2.1. I changed it from 192.168.0.1 because from my understanding 0 is pretty much a wildcard address depending on netmask.

ssh connection over
- Telekom DSL - worked
- Smartphone LTE - works
- TELE2 LTE:
  nmap can find the port and connect to it and make out it's openssh 7.4
  putty on arch is able to establish a connection and I can log in without a problem
  any attempt over gnome-shell fails
  any attempt over konsole fails
  I can use telnet to connect to port 22 but I'm ofc unable to handshake and so on

Things to note:
When I turn on the router without a SIM card inserted and run Firefox it tells me I need to log in to my provider
Windows 10 crashed (blue screen) 1st time I connected this router to Windows with KERNEL_SECURITY...something and it would bluescreen to no end until I pulled the LAN cable and booted without it and then connected the LAN cable. Windows eh?

I tried
removing .ssh/config
using cinnamon
using gnome
restarting Croatia router
restarting Germany router

The error message is

darko@wrk ~ $ ssh root@192.168.10.17
Connection closed by 192.168.10.17 port 22

env doesn't look like anything out of the ordinary


I have a wireshark log of tun0 when I tried to connect but where should I put it and is it even necessary? It tries to handshake and tries again and again but apparently fails.

Could this be a sign of router MITM attacks?

Anyhow looking for a solution.

edit: Trying to create this topic over the VPN I wasn't able to post because the identity of bbs.archlinux.org couldn't be verified (said Firefox).
edit2: Gnome Version 3.28.2, same as gnome-terminal, konsole Version 18.04.1

any other info you need just ask

edit3:

darko@wrk ~ $ ssh -v root@192.168.10.17
OpenSSH_7.7p1, OpenSSL 1.1.0h  27 Mar 2018
debug1: Reading configuration data /home/darko/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to 192.168.10.17 [192.168.10.17] port 22.
debug1: Connection established.
debug1: identity file /home/darko/.ssh/id_rsa type 0
debug1: key_load_public: No such file or directory
debug1: identity file /home/darko/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/darko/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/darko/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/darko/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/darko/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/darko/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/darko/.ssh/id_ed25519-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/darko/.ssh/id_xmss type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/darko/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.7
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.4
debug1: match: OpenSSH_7.4 pat OpenSSH* compat 0x04000000
debug1: Authenticating to 192.168.10.17:22 as 'root'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
Connection closed by 192.168.10.17 port 22

Last edited by dalu (2018-06-07 15:40:20)


#2 2018-06-07 15:48:05

dalu
Member
Registered: 2014-04-16
Posts: 77

Re: Weird problem with ssh over vpn over 4G and gnome-shell

I believe it has something to do with MTU setting.
On the router it's currently 1500.
I tried lowering the MTU to 1440 by

sudo ip link set mtu 1440 dev enp3s0

and I was able to connect, however bbs.archlinux.org is still timing out.

How would I go about finding the correct MTU setting?


#3 2018-06-07 16:27:06

dalu
Member
Registered: 2014-04-16
Posts: 77

Re: Weird problem with ssh over vpn over 4G and gnome-shell

Now I'm able to post here, hopefully with

sudo nano -w /etc/NetworkManager/dispatcher.d/vpn-up

#!/bin/sh

if [ "$2" = "vpn-up" ]; then
        /sbin/ifconfig "$1" mtu 1280
fi

or even 1392

but I'm unable to ssh, still.

Router has
MTU 1500
MSS 1300

factory default or rather Tele2 default

Last edited by dalu (2018-06-07 16:41:16)


#4 2018-06-07 17:10:15

dalu
Member
Registered: 2014-04-16
Posts: 77

Re: Weird problem with ssh over vpn over 4G and gnome-shell

I don't get it. Why is everything those freedesktop guys do utterly flawed?

#!/bin/sh
/sbin/ifconfig tun0 mtu 1358
/sbin/ifconfig enp3s0 mtu 1420

You'd think this sets the correct values right?
Well wrong.

And for the record, yes, I did ip link set mtu xxx dev yyy

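Added example, not part of the original posts: one way to answer the question in post #2 ("How would I go about finding the correct MTU setting?") is to measure the path MTU instead of guessing values for tun0 and enp3s0, by binary-searching the largest ICMP echo that passes with Don't Fragment set. The helper names probe, find_pmtu and tcp_mss are hypothetical, and the ping flags assume Linux iputils ping.

```shell
#!/bin/sh
# Added example (not from the thread). probe, find_pmtu and tcp_mss are
# hypothetical helper names.

# probe HOST PAYLOAD: succeeds if one ICMP echo carrying PAYLOAD data bytes
# is answered with Don't Fragment set (-M do, Linux iputils ping).
probe() {
    ping -c 1 -W 2 -M do -s "$2" "$1" >/dev/null 2>&1
}

# find_pmtu HOST [LOW] [HIGH]: binary-search the largest IPv4 packet size
# (in bytes, between LOW and HIGH) that reaches HOST unfragmented.
find_pmtu() {
    host=$1 lo=${2:-576} hi=${3:-1500}
    # ICMP payload = packet size - 20 (IPv4 header) - 8 (ICMP header)
    if ! probe "$host" $((lo - 28)); then
        echo "no reply from $host even at $lo bytes" >&2
        return 1
    fi
    while [ "$lo" -lt "$hi" ]; do
        mid=$(( (lo + hi + 1) / 2 ))
        if probe "$host" $((mid - 28)); then
            lo=$mid          # mid fits: search upward
        else
            hi=$((mid - 1))  # mid dropped or needs fragmenting: search downward
        fi
    done
    echo "$lo"
}

# tcp_mss MTU: largest TCP payload per packet for IPv4 without options
# (20-byte IP header + 20-byte TCP header).
tcp_mss() {
    echo $(( $1 - 40 ))
}

# Run as: sh pmtu.sh HOST   (a HOST on the far side of the VPN tests the tunnel)
if [ "$#" -gt 0 ]; then
    mtu=$(find_pmtu "$1") && echo "path MTU $mtu, TCP MSS $(tcp_mss "$mtu")"
fi
```

A lost reply is indistinguishable from a packet that was too big, so on a lossy link repeat the run and take the highest result.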
