Forwarded connection refused by server, using the SSH tunnel

Chira

New Around Here
Router AC68U
I had a working network model before the upgrade from 378.55 to 378.56(_0/_2):
Workstation (Putty) -> (SSH tunnel over http proxy) -> Router -> Internet
After the firmware upgrade I receive this error:
Opening connection to www.google.com:443 for forwarding
Forwarded connection refused by server: Connect failed []

The connection is not refused for all sites.

My options are:
Enable Telnet : No
Enable SSH : Yes
Allow SSH Port Forwarding : Yes
SSH service port : 443
Allow SSH access from WAN : Yes
Allow SSH password login : No
Enable SSH Brute Force Protection : No
SSH Authentication key : some key code
 
Hi,

You could try another SSH service port.
It could cause a problem if you are also using port 443 to log in to your router, like https://
So try another SSH port :)
 
Port 8443 is the default port for https access to the gui...possible port conflict?
BTW....port 443 is reserved for AICloud....
 
I have changed the port for AICloud to 8843, and checked netstat. There are no other listening processes on ports 443 and 8443.
And some of the https requests work normally:
Opening connection to www.google.com:443 for forwarding
Opening connection to www.google.com:443 for forwarding
Forwarded connection refused by server: Connect failed []
Forwarded connection refused by server: Connect failed []
Opening connection to www.google.com:443 for forwarding
Forwarded connection refused by server: Connect failed []
Opening connection to www.google.com:443 for forwarding
Opening connection to metalink.oracle.com:80 for forwarding
Opening connection to metalink.oracle.com:80 for forwarding
Forwarded connection refused by server: Connect failed []
Opening connection to support.oracle.com:443 for forwarding
Opening connection to support.oracle.com:443 for forwarding
Forwarded port closed
Forwarded port closed
Opening connection to support.oracle.com:443 for forwarding
Opening connection to support.oracle.com:443 for forwarding
Opening connection to support.oracle.com:443 for forwarding
Opening connection to support.oracle.com:443 for forwarding


Requests to google - refused
Requests to oracle - confirmed
 
Does telnetting to the configured SSH port work? It should look something like:
Code:
$ telnet 192.168.1.1 22
Trying 192.168.1.1...
Connected to router.asus.com.
Escape character is '^]'.
SSH-2.0-dropbear_2014.66
??|SMz\ϙ???'|?curve25519-sha256@libssh.org,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,kexguess2@matt.ucc.asn.au#ecdsa-sha2-nistp521,ssh-rsa,ssh-dssgaes128-ctr,3des-ctr,aes256-ctr,aes128-cbc,3des-cbc,aes256-cbc,twofish256-cbc,twofish-cbc,twofish128-cbcgaes128-ctr,3des-ctr,aes256-ctr,aes128-cbc,3des-cbc,aes256-cbc,twofish256-cbc,twofish-cbc,twofish128-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1-96,hmac-sha1,hmac-md5;hmac-sha2-256,hmac-sha2-512,hmac-sha1-96,hmac-sha1,hmac-md5nonenone???=K??
 
How are you testing? If you are accessing via Chrome, can you try a different browser?
 
Yes, I'm using Chrome. I have the same configuration on another router, a WRT54GL (with dd-wrt firmware), and it works via Chrome.
Chrome is configured to use a SOCKS proxy:
AdditionalParameters=--proxy-server="socks5://localhost:5150"

telnet 192.168.2.1 8443
returns:
SSH-2.0-dropbear_2015.68
☻¶☻в╖ше☻5е┘s эяUЮ╣H`╘жcur......
 
I don't know if it's due to some auto formatting in the forum, but I noticed (at least in Tapatalk) that the Google log entry shows up as a hyperlink http://www.google.com:443 and the oracle log entries don't. If it's not just a formatting issue, the Google link looks wrong as the protocol should be HTTPS and not HTTP.

Sent from my Nexus 6 using Tapatalk
 
As I understand it, from the SSH tunnel's point of view it makes no difference what kind of TCP protocol is being forwarded.
HTTPS or HTTP tells the browser whether or not to use encryption.
The problem may be related to the dropbear upgrade from version 2014.66 to 2015.68.
I have flashed back to 378.55 and the functionality has returned.
 
My point regarding the Google URL was really more that Google wouldn't be listening for unencrypted http traffic on port 443. The server listening on port 443 would expect to be doing an SSL/TLS handshake and the browser doesn't initiate such a handshake for unencrypted http.

Probably not related but thought I'd throw it out there in case there really was a mismatch between the http protocol specified and the port number being used.

Sent from my Nexus 6 using Tapatalk
 
I'm seeing this issue as well. I'm using a random port in the high 20000's as my ssh port and I still get this issue. It only occurs when I visit a site that uses https.
 
So far there is no good news :(
I don't know how to fix this bug (maybe a feature).
I returned to the previous firmware version.
 
I found these descriptions in the changelogs:
From Merlin
378.56 Beta 1 (12-Oct-2015)
- CHANGED: Updated dropbear to 2015.68 + upstream patches

From dropbear
2015.71 - 3 December 2015
- Fix crash on exit when -p address: port is used, broke in 2015.68
2015.69 - 25 November 2015
- Fix crash when forwarded TCP connections fail to connect (bug introduced in 2015.68)

Maybe this is our incident.

In the 380.57 changelog Merlin wrote:
- CHANGED: Updated dropbear to 2015.70.

There is hope.
 
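An added example, not part of the original thread: checking an SSH identification string, such as the ones returned by the telnet tests above, against the two dropbear changelog entries quoted in the last post. The function names are assumptions, and a match only shows that the version falls in a quoted range, not that it explains the refused forwards.

```python
import re
import socket

# From the dropbear changelog lines quoted in the thread:
# (release that introduced the bug, release that fixed it, description)
REGRESSIONS = [
    ((2015, 68), (2015, 69),
     "crash when forwarded TCP connections fail to connect"),
    ((2015, 68), (2015, 71),
     "crash on exit when -p address:port is used"),
]

BANNER_RE = re.compile(rb"^SSH-[\d.]+-dropbear_(\d{4})\.(\d+)")


def dropbear_version(banner):
    """Return (year, release) from an SSH identification string, else None."""
    if isinstance(banner, str):
        banner = banner.encode("latin-1", "replace")
    # Only the first line is the banner; binary KEXINIT data may follow it.
    first_line = banner.split(b"\n", 1)[0].strip()
    m = BANNER_RE.match(first_line)
    return (int(m.group(1)), int(m.group(2))) if m else None


def matching_regressions(banner):
    """List the quoted changelog regressions that apply to this banner."""
    version = dropbear_version(banner)
    if version is None:
        return []
    return [desc for introduced, fixed, desc in REGRESSIONS
            if introduced <= version < fixed]


def read_banner(host, port, timeout=5.0):
    """Read the identification string the same way the telnet test does."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        return sock.recv(256)


if __name__ == "__main__":
    # Banners as posted in the thread, plus one built from the 380.57 note.
    for sample in ("SSH-2.0-dropbear_2014.66",
                   "SSH-2.0-dropbear_2015.68",
                   "SSH-2.0-dropbear_2015.70"):
        print(sample, "->", matching_regressions(sample) or "none listed")
```

To check a live router, pass `read_banner("192.168.1.1", 22)` to `matching_regressions`, using the address and SSH port configured on your own device.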