This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Hi,

I set up telnet on a switch at the other end of a VPN tunnel. I've tried to login with both SecureCRT and Putty, and although the telnet session is established, I can't type into the terminal program, meaning I can't put in my username. We can telnet into the switch from the same remote location where the switch resides, but not through the VPN tunnel. There are no firewall rules blocking access on either side, and the terminal programs are configured the same at both locations.

Looking at the Wireshark captures from my desktop, which is at the other end of the VPN away from said switch, there is the initial TCP SYN --> SYN, ACK --> ACK packets exchanged between the source and destination. A few telnet data packets exchanged between the source and destination, and then a ton of TCP Retransmissions and Dup ACKs between both the source and destination. The switch shows that there is a tcp connection but that it is sending keepalives that aren't being responded to.

I'm not entirely convinced that packets aren't being dropped on the other end of the tunnel, but have to take their administrators word on that for now.

Any ideas about what is causing this?

asked 03 Nov '15, 12:07

rdub15's gravatar image

rdub15
6224
accept rate: 0%

A misconfigured VPN tunnel?

(03 Nov '15, 12:28) Jaap ♦

Jaap,

This VPN tunnel has been set up for a long time and is used heavily, so I don't think that is the case. The tunnel, and the firewalls, are configured to allow telnet. Plus, I can see that the telnet session is established. I'm not adept enough at deciphering packet captures to tell if something is missing, though, nor do I know a ton about the intricacies of the telnet protocol. With that said, I wonder if the telnet session is established, but some other negotiations are failing? I'm just swinging in the dark, but if anyone knows a great deal about telnet or has heard of this problem before I'd love their insight on this.

Thanks for the input!

(03 Nov '15, 12:39) rdub15

Can you upload the capture file somewhere (with only the TCP stream in question) and post the link here?

(03 Nov '15, 14:32) Kurt Knochner ♦

@rdub15 Heavily used how? Are there other telnet sessions through that tunnel? Are there other TCP connections through that tunnel? I'm asking because usage within another profile may hide an incorrect configuration. Eg. are you sure MTU sizes match at every encapsulation interface?

(04 Nov '15, 01:28) Jaap ♦

@Jaap There are no other telnet connections through the tunnel, but lots of tcp connections. All of the associated switch ports that I have access to have the same MTU size. The other end of the tunnel is a DR site, so I don't know what devices separate our switch on-site from the end of the VPN tunnel on their side.

(04 Nov '15, 08:01) rdub15

@Kurt Knochner I don't know how/or where to upload a capture securely. I looked into Cloudshark but I don't see a way to allow access to only the tcp stream I'm interested in. I'm open to suggestions.

(04 Nov '15, 09:15) rdub15

Set a filter in Wireshark for that TCP session, then export only the filtered frames to a new pcap file (File -> Export Specified Packets). Then upload to dropbox, google drive, whatever you have and post the shared link here.

(04 Nov '15, 09:17) Kurt Knochner ♦
showing 5 of 7 show 2 more comments
Be the first one to answer this question!
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×20

question asked: 03 Nov '15, 12:07

question was seen: 1,362 times

last updated: 04 Nov '15, 09:18

p​o​w​e​r​e​d by O​S​Q​A