Tunneling lock/hangs/unidirectional
Corey Smith
corsmith at gmail.com
Wed Jan 25 04:52:05 EST 2006
I've set up a lab to test the new tunneling options in the latest
openssh. Things work well... for a while... then the tunnel goes
unidirectional.
openssh-SNAP-20060122.tar.gz
lab1 config:
# uname -a
FreeBSD lab1 6.0-RELEASE FreeBSD 6.0-RELEASE #0: Fri Jan 13 13:01:17 EST 2006 root@:/usr/src/sys/i386/compile/SMP i386
# cat /etc/sysctl.conf | egrep -v '(^#|^$)'
net.inet.ip.fastforwarding=1
# cat ~/.ssh/config
Host 169.254.254.20
Tunnel yes
TunnelDevice 0:any
PermitLocalCommand yes
LocalCommand sh /root/scripts/netstart tun0
# cat /root/scripts/netstart
#!/bin/sh
ifconfig $1 inet 169.254.253.10 169.254.253.20 netmask 255.255.255.0 && \
route add host2 169.254.253.20
lab2 config:
# uname -a
FreeBSD lab2 6.0-RELEASE FreeBSD 6.0-RELEASE #0: Fri Jan 13 12:00:56 EST 2006 root@:/usr/src/sys/i386/compile/SMP i386
# cat /etc/sysctl.conf | egrep -v '(^#|^$)'
net.inet.ip.fastforwarding=1
# cat /etc/ssh/sshd_config | egrep -v '(^#|^$)'
PermitTunnel point-to-point
# cat ~/.ssh/authorized_keys2
tunnel="1",command="/root/scripts/netstart tun1" ssh-dss AAAA...
# cat /root/scripts/netstart
#!/bin/sh
ifconfig $1 inet 169.254.253.20 169.254.253.10 netmask 255.255.255.0 && \
route add host1 169.254.253.10
The test consists of a single TCP stream operating at the maximum
capacity of a FastEthernet connection (12.5MBps), using the commands:
#setup the tunnel and routes
lab1# ssh -fw 0:any 169.254.254.20 true
host1$ cat /dev/zero | nc -l 2000
host2$ nc -o host1 2000 > /dev/zero
This test usually runs between 4-5 seconds before the tunnel goes
unidirectional: packets tunnelized between lab1 -> lab2 work but
tunneled packets between lab2 -> lab1 do not.
After changing the MTU of the test TCP stream to 1400 it ends up
lasting around 2 minutes before going unidirectional.
lab2# ping 169.254.253.10
PING 169.254.253.10 (169.254.253.10): 56 data bytes
ping: sendto: No buffer space available
Without the ssh tunnel the lab boxes easily route that much bandwidth
indefinitely.
Any ideas on how I can further diagnose the problem would be appreciated.
-Corey Smith