Archer VR2600 LAN to LAN VPN
This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
Archer VR2600 LAN to LAN VPN
Posts: 3
Helpful: 0
Solutions: 0
Stories: 0
Registered: 2016-05-06
2016-05-06 16:54:59
Posts: 3
Helpful: 0
Solutions: 0
Stories: 0
Registered: 2016-05-06
Archer VR2600 LAN to LAN VPN
2016-05-06 16:54:59
Tags:
Model :
Hardware Version : Not Clear
Firmware Version :
ISP :
I'm trying to connect a remote office to Head Office via a VPN.
The Head Office has a Draytek Vigor 2830 and, until recently, the remote office had a Netgear FVS336 and all worked well. The Netgear box developed a fault so I swapped it over with a spare Draytek 2830 box and, again, all was well.
We have now purchased a T-Link Archer VR2600 and although the IPSec VPN establishes no data will pass along the VPN (although I can ping the devices from the remote office to the Head Office).
I'm no expert in VPN's (they've always just worked!) but I can't figure out why I can ping but can't send or receive data.
Bearing in mind that the Netgear to Draytek and the Draytek to Draytek set ups work I'm assuming that I'm missing some sort of setting on the VR2600.
Has anyone had any experience of this they can share?
Hardware Version : Not Clear
Firmware Version :
ISP :
I'm trying to connect a remote office to Head Office via a VPN.
The Head Office has a Draytek Vigor 2830 and, until recently, the remote office had a Netgear FVS336 and all worked well. The Netgear box developed a fault so I swapped it over with a spare Draytek 2830 box and, again, all was well.
We have now purchased a T-Link Archer VR2600 and although the IPSec VPN establishes no data will pass along the VPN (although I can ping the devices from the remote office to the Head Office).
I'm no expert in VPN's (they've always just worked!) but I can't figure out why I can ping but can't send or receive data.
Bearing in mind that the Netgear to Draytek and the Draytek to Draytek set ups work I'm assuming that I'm missing some sort of setting on the VR2600.
Has anyone had any experience of this they can share?
#1
Options
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
Thread Manage
Announcement Manage
2 Reply
Posts: 3
Helpful: 0
Solutions: 0
Stories: 0
Registered: 2016-05-06
Re:Archer VR2600 LAN to LAN VPN
2016-05-07 03:19:04
Just a quick update should anyone else be having this problem....
TP-Link have replicated the problem so it seems to be a problem with the firmware. I've had to return the router to Amazon for a refund whilst I still could so I won't be able to post a solution.
TP-Link have replicated the problem so it seems to be a problem with the firmware. I've had to return the router to Amazon for a refund whilst I still could so I won't be able to post a solution.
0
We appreciate your feedback. Feel free to let us know more. Log in to submit feedback.
0
We appreciate your feedback. Feel free to let us know more. Log in to submit feedback.
#2
Options
- Copy Link
- Report Inappropriate Content
Thread Manage
Announcement Manage
Posts: 1
Helpful: 0
Solutions: 0
Stories: 0
Registered: 2016-12-05
Same Issue IPsec VPN ( Site-to-Site)
2016-12-05 18:18:05
Hello
Same issue - which is very interesting ..
Hardware: Archer VR2600v v1 000000000
Firmware Version: 1.1.0 0.8.0 v004f.0 Build 160215 Rel.30334n
Setup:
nikolay-home-lan: 192.168.9.0/24
Stations:
192.168.9.101 - Linux box (Wired 1Gb/s connection to Archer VR2600)
192.168.9.102 - Win7 laptop ( Wifi connection to Archer VR2600)
Please HELP
DC LAN: 192.168.5.0/24
Server: 192.168.5.17 -linux rt.remote-office.info
ANY other servers/stations same issue
IPSEC policy based within dynamic gateway and PSK
Once VPN tunel up ping from win7(home-lan)) to linux (remote station)
##########
C:\Users\kolka>ping 192.168.5.17 -t
Pinging 192.168.5.17 with 32 bytes of data:
Reply from 192.168.5.17: bytes=32 time=16ms TTL=62
Reply from 192.168.5.17: bytes=32 time=14ms TTL=62
Reply from 192.168.5.17: bytes=32 time=17ms TTL=62
Reply from 192.168.5.17: bytes=32 time=16ms TTL=62
Reply from 192.168.5.17: bytes=32 time=16ms TTL=62
Ping statistics for 192.168.5.17:
Packets: Sent = 5, Received = 5, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 14ms, Maximum = 17ms, Average = 15ms
Control-C
^C
C:\Users\kolka>
#################
Telnet from Win7 (home-lan)) to Linux (remote)) - not work - AND this is correct no telnet services on Linux
########################
C:\Users\kolka>telnet 192.168.5.17
Connecting To 192.168.5.17...Could not open connection to the host, on port 23:
Connect failed
C:\Users\kolka>
###################
Telnet from Win7 (home-lan)) to Linux (remote) to port 22 ( like ssh connection)
#################
C:\Users\kolka>telnet 192.168.5.17 22
..
..
SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2
####################
SSH connection "looks like worked"
ping from OpenElec (linux OS ip: 192.168.9.101 nikolay-home) to Linux (remote)
#########################
OpenELEC:~ # ping 192.168.5.17
PING 192.168.5.17 (192.168.5.17): 56 data bytes
64 bytes from 192.168.5.17: seq=0 ttl=62 time=13.316 ms
64 bytes from 192.168.5.17: seq=1 ttl=62 time=12.615 ms
64 bytes from 192.168.5.17: seq=2 ttl=62 time=13.436 ms
64 bytes from 192.168.5.17: seq=3 ttl=62 time=13.061 ms
^C
--- 192.168.5.17 ping statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max = 12.615/13.107/13.436 ms
OpenELEC:~ #
#####################
SSH from linux (nikolay-home) to Linux (remote):
#######################
OpenELEC:~ # ssh 192.168.5.17
^C
OpenELEC:~ #
#####################
NOT WORK - WHY ?
SSH from Linux (NH) to Linux (remote) with debugiing :
################################
OpenELEC:~ # ssh -vv 192.168.5.17
OpenSSH_6.6, OpenSSL 1.0.1f 6 Jan 2014
debug1: Reading configuration data /etc/ssh_config
debug2: ssh_connect: needpriv 0
debug1: Connecting to 192.168.5.17 [192.168.5.17] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /storage/.ssh/id_rsa type -1
debug1: identity file /storage/.ssh/id_rsa-cert type -1
debug1: identity file /storage/.ssh/id_dsa type -1
debug1: identity file /storage/.ssh/id_dsa-cert type -1
debug1: identity file /storage/.ssh/id_ed25519 type -1
debug1: identity file /storage/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1p1 Ubu ntu-2ubuntu2
debug1: match: OpenSSH_6.6.1p1 Ubuntu-2ubuntu2 pat OpenSSH* compat 0x04000000
debug2: fd 3 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.com,ssh-ed25519,ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ssh-ed25519
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_setup: setup hmac-md5-etm@openssh.com
debug1: kex: server->client aes128-ctr hmac-md5-etm@openssh.com none
debug2: mac_setup: setup hmac-md5-etm@openssh.com
debug1: kex: client->server aes128-ctr hmac-md5-etm@openssh.com none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<3072<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
Connection closed by 192.168.5.17
OpenELEC:~ #
################################
Looks like worked and KEY exchanging and NEED to work - BUT IT NOT!!!
TCPDUMP on Linux (remote) when try to ssh -vv from Linux (nikolay-home):
##############################
root@rt:~# tcpdump -i eth0 -vvv host 192.168.9.101
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
09:05:55.825025 IP (tos 0x0, ttl 62, id 34138, offset 0, flags [DF], proto TCP (6), length 60)
192.168.9.101.57106 > rt.remote-office.info.ssh: Flags [S], cksum 0xb974 (correct), seq 2373429818, win 29200, options [mss 1430,sackOK,TS val 1184313184 ecr 0,nop,wscale 7], length 0
09:05:55.825053 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 60)
rt.remote-office.info.ssh > 192.168.9.101.57106: Flags [S.], cksum 0x8ff5 (incorrect -> 0x56e4), seq 3545892238, ack 2373429819, win 28960, options [mss 1460,sackOK,TS val 857298767 ecr 1184313184,nop,wscale 7], length 0
09:05:55.837572 IP (tos 0x0, ttl 62, id 34139, offset 0, flags [DF], proto TCP (6), length 52)
192.168.9.101.57106 > rt.remote-office.info.ssh: Flags [.], cksum 0xf5e7 (correct), seq 1, ack 1, win 229, options [nop,nop,TS val 1184313188 ecr 857298767], length 0
09:05:55.837979 IP (tos 0x0, ttl 62, id 34140, offset 0, flags [DF], proto TCP (6), length 73)
192.168.9.101.57106 > rt.remote-office.info.ssh: Flags [P.], cksum 0x3122 (correct), seq 1:22, ack 1, win 229, options [nop,nop,TS val 1184313188 ecr 857298767], length 21
09:05:55.837991 IP (tos 0x0, ttl 64, id 21213, offset 0, flags [DF], proto TCP (6), length 52)
---TILL HERE OK Ack/Seq/Win - ALL OK
BUT THAN:!!
rt.remote-office.info.ssh > 192.168.9.101.57106: Flags [.], cksum 0x8fed (incorrect -> 0xf5d1), seq 1, ack 22, win 227, options [nop,nop,TS val 857298770 ecr 1184313188], length 0
09:05:55.846012 IP (tos 0x0, ttl 64, id 21214, offset 0, flags [DF], proto TCP (6), length 93)
rt.remote-office.info.ssh > 192.168.9.101.57106: Flags [P.], cksum 0x9016 (incorrect -> 0xd078), seq 1:42, ack 22, win 227, options [nop,nop,TS val 857298772 ecr 1184313188], length 41
09:05:55.846819 IP (tos 0x0, ttl 64, id 21215, offset 0, flags [DF], proto TCP (6), length 1470)
rt.remote-office.info.ssh > 192.168.9.101.57106: Flags [.], cksum 0x9577 (incorrect -> 0x50e6), seq 42:1460, ack 22, win 227, options [nop,nop,TS val 857298773 ecr 1184313188], length 1418
09:05:56.054564 IP (tos 0x0, ttl 64, id 21216, offset 0, flags [DF], proto TCP (6), length 93)
rt.remote-office.info.ssh > 192.168.9.101.57106: Flags [P.], cksum 0x9016 (incorrect -> 0xd043), seq 1:42, ack 22, win 227, options [nop,nop,TS val 857298825 ecr 1184313188], length 41
09:05:56.478525 IP (tos 0x0, ttl 64, id 21217, offset 0, flags [DF], proto TCP (6), length 93)
rt.remote-office.info.ssh > 192.168.9.101.57106: Flags [P.], cksum 0x9016 (incorrect -> 0xcfd9), seq 1:42, ack 22, win 227, options [nop,nop,TS val 857298931 ecr 1184313188], length 41
09:05:57.326616 IP (tos 0x0, ttl 64, id 21218, offset 0, flags [DF], proto TCP (6), length 93)
rt.remote-office.info.ssh > 192.168.9.101.57106: Flags [P.], cksum 0x9016 (incorrect -> 0xcf05), seq 1:42, ack 22, win 227, options [nop,nop,TS val 857299143 ecr 1184313188], length 41
09:05:59.026561 IP (tos 0x0, ttl 64, id 21219, offset 0, flags [DF], proto TCP (6), length 93)
rt.remote-office.info.ssh > 192.168.9.101.57106: Flags [P.], cksum 0x9016 (incorrect -> 0xcd5c), seq 1:42, ack 22, win 227, options [nop,nop,TS val 857299568 ecr 1184313188], length 41
09:06:02.426587 IP (tos 0x0, ttl 64, id 21220, offset 0, flags [DF], proto TCP (6), length 93)
rt.remote-office.info.ssh > 192.168.9.101.57106: Flags [P.], cksum 0x9016 (incorrect -> 0xca0a), seq 1:42, ack 22, win 227, options [nop,nop,TS val 857300418 ecr 1184313188], length 41
09:06:09.234569 IP (tos 0x0, ttl 64, id 21221, offset 0, flags [DF], proto TCP (6), length 93)
rt.remote-office.info.ssh > 192.168.9.101.57106: Flags [P.], cksum 0x9016 (incorrect -> 0xc364), seq 1:42, ack 22, win 227, options [nop,nop,TS val 857302120 ecr 1184313188], length 41
09:06:22.834608 IP (tos 0x0, ttl 64, id 21222, offset 0, flags [DF], proto TCP (6), length 93)
rt.remote-office.info.ssh > 192.168.9.101.57106: Flags [P.], cksum 0x9016 (incorrect -> 0xb61c), seq 1:42, ack 22, win 227, options [nop,nop,TS val 857305520 ecr 1184313188], length 41
09:06:50.034577 IP (tos 0x0, ttl 64, id 21223, offset 0, flags [DF], proto TCP (6), length 93)
rt.remote-office.info.ssh > 192.168.9.101.57106: Flags [P.], cksum 0x9016 (incorrect -> 0x9b8c), seq 1:42, ack 22, win 227, options [nop,nop,TS val 857312320 ecr 1184313188], length 41
09:07:44.434608 IP (tos 0x0, ttl 64, id 21224, offset 0, flags [DF], proto TCP (6), length 93)
rt.remote-office.info.ssh > 192.168.9.101.57106: Flags [P.], cksum 0x9016 (incorrect -> 0x666c), seq 1:42, ack 22, win 227, options [nop,nop,TS val 857325920 ecr 1184313188], length 41
09:07:55.846842 IP (tos 0x0, ttl 64, id 21225, offset 0, flags [DF], proto TCP (6), length 250)
rt.remote-office.info.ssh > 192.168.9.101.57106: Flags [FP.], cksum 0x90b3 (incorrect -> 0xe445), seq 1460:1658, ack 22, win 227, options [nop,nop,TS val 857328773 ecr 1184313188], length 198
09:07:55.858115 IP (tos 0x0, ttl 62, id 34163, offset 0, flags [DF], proto TCP (6), length 76)
--- ALL Pakets INCORECT !!! ---
-- Close SSH on Linux (NH) - All connection closed normaly---
192.168.9.101.57106 > rt.remote-office.info.ssh: Flags [FP.], cksum 0xb037 (correct), seq 1750:1774, ack 1659, win 273, options [nop,nop,TS val 1184349195 ecr 857328773], length 24
09:07:55.858165 IP (tos 0x0, ttl 64, id 32969, offset 0, flags [DF], proto TCP (6), length 40)
rt.remote-office.info.ssh > 192.168.9.101.57106: Flags [R], cksum 0x618d (correct), seq 3545893897, win 0, length 0
##############################################
So , IPSEC VPN Tunnel is UP and ICMP ( ping ) running on BOTH sides!
Any TCP/UDP connectivity with application data ( simple telnet to port as well open socket) - not work
Same issue - which is very interesting ..
Hardware: Archer VR2600v v1 000000000
Firmware Version: 1.1.0 0.8.0 v004f.0 Build 160215 Rel.30334n
Setup:
nikolay-home-lan: 192.168.9.0/24
Stations:
192.168.9.101 - Linux box (Wired 1Gb/s connection to Archer VR2600)
192.168.9.102 - Win7 laptop ( Wifi connection to Archer VR2600)
Please HELP
DC LAN: 192.168.5.0/24
Server: 192.168.5.17 -linux rt.remote-office.info
ANY other servers/stations same issue
IPSEC policy based within dynamic gateway and PSK
Once VPN tunel up ping from win7(home-lan)) to linux (remote station)
##########
C:\Users\kolka>ping 192.168.5.17 -t
Pinging 192.168.5.17 with 32 bytes of data:
Reply from 192.168.5.17: bytes=32 time=16ms TTL=62
Reply from 192.168.5.17: bytes=32 time=14ms TTL=62
Reply from 192.168.5.17: bytes=32 time=17ms TTL=62
Reply from 192.168.5.17: bytes=32 time=16ms TTL=62
Reply from 192.168.5.17: bytes=32 time=16ms TTL=62
Ping statistics for 192.168.5.17:
Packets: Sent = 5, Received = 5, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 14ms, Maximum = 17ms, Average = 15ms
Control-C
^C
C:\Users\kolka>
#################
Telnet from Win7 (home-lan)) to Linux (remote)) - not work - AND this is correct no telnet services on Linux
########################
C:\Users\kolka>telnet 192.168.5.17
Connecting To 192.168.5.17...Could not open connection to the host, on port 23:
Connect failed
C:\Users\kolka>
###################
Telnet from Win7 (home-lan)) to Linux (remote) to port 22 ( like ssh connection)
#################
C:\Users\kolka>telnet 192.168.5.17 22
..
..
SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2
####################
SSH connection "looks like worked"
ping from OpenElec (linux OS ip: 192.168.9.101 nikolay-home) to Linux (remote)
#########################
OpenELEC:~ # ping 192.168.5.17
PING 192.168.5.17 (192.168.5.17): 56 data bytes
64 bytes from 192.168.5.17: seq=0 ttl=62 time=13.316 ms
64 bytes from 192.168.5.17: seq=1 ttl=62 time=12.615 ms
64 bytes from 192.168.5.17: seq=2 ttl=62 time=13.436 ms
64 bytes from 192.168.5.17: seq=3 ttl=62 time=13.061 ms
^C
--- 192.168.5.17 ping statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max = 12.615/13.107/13.436 ms
OpenELEC:~ #
#####################
SSH from linux (nikolay-home) to Linux (remote):
#######################
OpenELEC:~ # ssh 192.168.5.17
^C
OpenELEC:~ #
#####################
NOT WORK - WHY ?
SSH from Linux (NH) to Linux (remote) with debugiing :
################################
OpenELEC:~ # ssh -vv 192.168.5.17
OpenSSH_6.6, OpenSSL 1.0.1f 6 Jan 2014
debug1: Reading configuration data /etc/ssh_config
debug2: ssh_connect: needpriv 0
debug1: Connecting to 192.168.5.17 [192.168.5.17] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /storage/.ssh/id_rsa type -1
debug1: identity file /storage/.ssh/id_rsa-cert type -1
debug1: identity file /storage/.ssh/id_dsa type -1
debug1: identity file /storage/.ssh/id_dsa-cert type -1
debug1: identity file /storage/.ssh/id_ed25519 type -1
debug1: identity file /storage/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1p1 Ubu ntu-2ubuntu2
debug1: match: OpenSSH_6.6.1p1 Ubuntu-2ubuntu2 pat OpenSSH* compat 0x04000000
debug2: fd 3 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.com,ssh-ed25519,ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ssh-ed25519
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_setup: setup hmac-md5-etm@openssh.com
debug1: kex: server->client aes128-ctr hmac-md5-etm@openssh.com none
debug2: mac_setup: setup hmac-md5-etm@openssh.com
debug1: kex: client->server aes128-ctr hmac-md5-etm@openssh.com none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<3072<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
Connection closed by 192.168.5.17
OpenELEC:~ #
################################
Looks like worked and KEY exchanging and NEED to work - BUT IT NOT!!!
TCPDUMP on Linux (remote) when try to ssh -vv from Linux (nikolay-home):
##############################
root@rt:~# tcpdump -i eth0 -vvv host 192.168.9.101
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
09:05:55.825025 IP (tos 0x0, ttl 62, id 34138, offset 0, flags [DF], proto TCP (6), length 60)
192.168.9.101.57106 > rt.remote-office.info.ssh: Flags [S], cksum 0xb974 (correct), seq 2373429818, win 29200, options [mss 1430,sackOK,TS val 1184313184 ecr 0,nop,wscale 7], length 0
09:05:55.825053 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 60)
rt.remote-office.info.ssh > 192.168.9.101.57106: Flags [S.], cksum 0x8ff5 (incorrect -> 0x56e4), seq 3545892238, ack 2373429819, win 28960, options [mss 1460,sackOK,TS val 857298767 ecr 1184313184,nop,wscale 7], length 0
09:05:55.837572 IP (tos 0x0, ttl 62, id 34139, offset 0, flags [DF], proto TCP (6), length 52)
192.168.9.101.57106 > rt.remote-office.info.ssh: Flags [.], cksum 0xf5e7 (correct), seq 1, ack 1, win 229, options [nop,nop,TS val 1184313188 ecr 857298767], length 0
09:05:55.837979 IP (tos 0x0, ttl 62, id 34140, offset 0, flags [DF], proto TCP (6), length 73)
192.168.9.101.57106 > rt.remote-office.info.ssh: Flags [P.], cksum 0x3122 (correct), seq 1:22, ack 1, win 229, options [nop,nop,TS val 1184313188 ecr 857298767], length 21
09:05:55.837991 IP (tos 0x0, ttl 64, id 21213, offset 0, flags [DF], proto TCP (6), length 52)
---TILL HERE OK Ack/Seq/Win - ALL OK
BUT THAN:!!
rt.remote-office.info.ssh > 192.168.9.101.57106: Flags [.], cksum 0x8fed (incorrect -> 0xf5d1), seq 1, ack 22, win 227, options [nop,nop,TS val 857298770 ecr 1184313188], length 0
09:05:55.846012 IP (tos 0x0, ttl 64, id 21214, offset 0, flags [DF], proto TCP (6), length 93)
rt.remote-office.info.ssh > 192.168.9.101.57106: Flags [P.], cksum 0x9016 (incorrect -> 0xd078), seq 1:42, ack 22, win 227, options [nop,nop,TS val 857298772 ecr 1184313188], length 41
09:05:55.846819 IP (tos 0x0, ttl 64, id 21215, offset 0, flags [DF], proto TCP (6), length 1470)
rt.remote-office.info.ssh > 192.168.9.101.57106: Flags [.], cksum 0x9577 (incorrect -> 0x50e6), seq 42:1460, ack 22, win 227, options [nop,nop,TS val 857298773 ecr 1184313188], length 1418
09:05:56.054564 IP (tos 0x0, ttl 64, id 21216, offset 0, flags [DF], proto TCP (6), length 93)
rt.remote-office.info.ssh > 192.168.9.101.57106: Flags [P.], cksum 0x9016 (incorrect -> 0xd043), seq 1:42, ack 22, win 227, options [nop,nop,TS val 857298825 ecr 1184313188], length 41
09:05:56.478525 IP (tos 0x0, ttl 64, id 21217, offset 0, flags [DF], proto TCP (6), length 93)
rt.remote-office.info.ssh > 192.168.9.101.57106: Flags [P.], cksum 0x9016 (incorrect -> 0xcfd9), seq 1:42, ack 22, win 227, options [nop,nop,TS val 857298931 ecr 1184313188], length 41
09:05:57.326616 IP (tos 0x0, ttl 64, id 21218, offset 0, flags [DF], proto TCP (6), length 93)
rt.remote-office.info.ssh > 192.168.9.101.57106: Flags [P.], cksum 0x9016 (incorrect -> 0xcf05), seq 1:42, ack 22, win 227, options [nop,nop,TS val 857299143 ecr 1184313188], length 41
09:05:59.026561 IP (tos 0x0, ttl 64, id 21219, offset 0, flags [DF], proto TCP (6), length 93)
rt.remote-office.info.ssh > 192.168.9.101.57106: Flags [P.], cksum 0x9016 (incorrect -> 0xcd5c), seq 1:42, ack 22, win 227, options [nop,nop,TS val 857299568 ecr 1184313188], length 41
09:06:02.426587 IP (tos 0x0, ttl 64, id 21220, offset 0, flags [DF], proto TCP (6), length 93)
rt.remote-office.info.ssh > 192.168.9.101.57106: Flags [P.], cksum 0x9016 (incorrect -> 0xca0a), seq 1:42, ack 22, win 227, options [nop,nop,TS val 857300418 ecr 1184313188], length 41
09:06:09.234569 IP (tos 0x0, ttl 64, id 21221, offset 0, flags [DF], proto TCP (6), length 93)
rt.remote-office.info.ssh > 192.168.9.101.57106: Flags [P.], cksum 0x9016 (incorrect -> 0xc364), seq 1:42, ack 22, win 227, options [nop,nop,TS val 857302120 ecr 1184313188], length 41
09:06:22.834608 IP (tos 0x0, ttl 64, id 21222, offset 0, flags [DF], proto TCP (6), length 93)
rt.remote-office.info.ssh > 192.168.9.101.57106: Flags [P.], cksum 0x9016 (incorrect -> 0xb61c), seq 1:42, ack 22, win 227, options [nop,nop,TS val 857305520 ecr 1184313188], length 41
09:06:50.034577 IP (tos 0x0, ttl 64, id 21223, offset 0, flags [DF], proto TCP (6), length 93)
rt.remote-office.info.ssh > 192.168.9.101.57106: Flags [P.], cksum 0x9016 (incorrect -> 0x9b8c), seq 1:42, ack 22, win 227, options [nop,nop,TS val 857312320 ecr 1184313188], length 41
09:07:44.434608 IP (tos 0x0, ttl 64, id 21224, offset 0, flags [DF], proto TCP (6), length 93)
rt.remote-office.info.ssh > 192.168.9.101.57106: Flags [P.], cksum 0x9016 (incorrect -> 0x666c), seq 1:42, ack 22, win 227, options [nop,nop,TS val 857325920 ecr 1184313188], length 41
09:07:55.846842 IP (tos 0x0, ttl 64, id 21225, offset 0, flags [DF], proto TCP (6), length 250)
rt.remote-office.info.ssh > 192.168.9.101.57106: Flags [FP.], cksum 0x90b3 (incorrect -> 0xe445), seq 1460:1658, ack 22, win 227, options [nop,nop,TS val 857328773 ecr 1184313188], length 198
09:07:55.858115 IP (tos 0x0, ttl 62, id 34163, offset 0, flags [DF], proto TCP (6), length 76)
--- ALL Pakets INCORECT !!! ---
-- Close SSH on Linux (NH) - All connection closed normaly---
192.168.9.101.57106 > rt.remote-office.info.ssh: Flags [FP.], cksum 0xb037 (correct), seq 1750:1774, ack 1659, win 273, options [nop,nop,TS val 1184349195 ecr 857328773], length 24
09:07:55.858165 IP (tos 0x0, ttl 64, id 32969, offset 0, flags [DF], proto TCP (6), length 40)
rt.remote-office.info.ssh > 192.168.9.101.57106: Flags [R], cksum 0x618d (correct), seq 3545893897, win 0, length 0
##############################################
So , IPSEC VPN Tunnel is UP and ICMP ( ping ) running on BOTH sides!
Any TCP/UDP connectivity with application data ( simple telnet to port as well open socket) - not work
0
We appreciate your feedback. Feel free to let us know more. Log in to submit feedback.
0
We appreciate your feedback. Feel free to let us know more. Log in to submit feedback.
#3
Options
- Copy Link
- Report Inappropriate Content
Thread Manage
Announcement Manage
Posts: 3
Helpful: 0
Solutions: 0
Stories: 0
Registered: 2016-05-06
2016-05-06 16:54:59
Posts: 3
Helpful: 0
Solutions: 0
Stories: 0
Registered: 2016-05-06
Information
Helpful: 0
Views: 880
Replies: 2
Voters 0
No one has voted for it yet.
Tags
Report Inappropriate Content
Transfer Module
New message