bengalih
Senior Member
So I used to keep port 22 open public and use SSH with *only* public key authentication to access my router remotely.
I recently switched SSH access from WAN+LAN to LAN only and decided to initiate a VPN connection back to my router and ssh in from the local IP to help with security.
I set this up a while ago and tested it briefly just to make sure I could connect and everything seemed fine.
I actually had the need to do some work on my router remotely tonight and I was having weird issues.
While I was able to do simple things like change a directory and maybe 'vi smallfile.txt', when I tried to do things like 'ps' and 'top' my session would hang and then within 30 seconds or so disconnect.
I was able to do 'ps | grep some_process' but a full 'ps' didn't work.
When I got home I ensured that I was able to do this locally, and I temporarily enabled WAN access again and had no issues direct to port 22.
This was definitely a VPN issue.
Digging around I discovered the UDP/TCP settings on the VPN server with UDP being the default. Because UDP is connectionless and it seemed my problem could be related to large amounts of data being sent in an ssh response I decided to change the Advanced Server settings of my VPN to TCP instead.
This immediately solved the issue.
I'm hoping both that this post might help someone else, but I'm also curious if this setting should really be required, is there perhaps a better way to solve, and/or is this needed possibly due to some problem with the dropbear/ssh server on merlin or the VPN server?
I believe UDP connections are often the default for VPN and I don't recall having this issue before. Has anyone else run into it?