Hi, I set up telnet on a switch at the other end of a VPN tunnel. I've tried to log in with both SecureCRT and PuTTY, and although the telnet session is established, I can't type into the terminal program, meaning I can't put in my username. We can telnet into the switch from the same remote location where the switch resides, but not through the VPN tunnel. There are no firewall rules blocking access on either side, and the terminal programs are configured the same at both locations.

Looking at the Wireshark captures from my desktop, which is at the other end of the VPN away from said switch, there is the initial TCP SYN --> SYN, ACK --> ACK exchange between the source and destination, then a few telnet data packets exchanged between the source and destination, and then a ton of TCP retransmissions and Dup ACKs between both the source and destination. The switch shows that there is a TCP connection but that it is sending keepalives that aren't being responded to. I'm not entirely convinced that packets aren't being dropped on the other end of the tunnel, but have to take their administrators' word on that for now.

Any ideas about what is causing this?

asked 03 Nov '15, 12:07 rdub15
A misconfigured VPN tunnel?
Jaap,
This VPN tunnel has been set up for a long time and is used heavily, so I don't think that is the case. The tunnel, and the firewalls, are configured to allow telnet. Plus, I can see that the telnet session is established. I'm not adept enough at deciphering packet captures to tell if something is missing, though, nor do I know a ton about the intricacies of the telnet protocol. With that said, I wonder if the telnet session is established, but some other negotiations are failing? I'm just swinging in the dark, but if anyone knows a great deal about telnet or has heard of this problem before I'd love their insight on this.
Thanks for the input!
Can you upload the capture file somewhere (with only the TCP stream in question) and post the link here?
@rdub15 Heavily used how? Are there other telnet sessions through that tunnel? Are there other TCP connections through that tunnel? I'm asking because usage within another profile may hide an incorrect configuration. E.g., are you sure MTU sizes match at every encapsulation interface?
@Jaap There are no other telnet connections through the tunnel, but lots of tcp connections. All of the associated switch ports that I have access to have the same MTU size. The other end of the tunnel is a DR site, so I don't know what devices separate our switch on-site from the end of the VPN tunnel on their side.
@Kurt Knochner I don't know how or where to upload a capture securely. I looked into Cloudshark but I don't see a way to allow access to only the TCP stream I'm interested in. I'm open to suggestions.
Set a filter in Wireshark for that TCP session, then export only the filtered frames to a new pcap file (File -> Export Specified Packets). Then upload to dropbox, google drive, whatever you have and post the shared link here.
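The export step above ("keep only the one TCP stream, write it to a new pcap, then look at it") can also be done without Wireshark's GUI. The following is an added worked example, not code from this thread or from the Wireshark project: a pure-Python classic-pcap reader/writer that keeps only the frames between two chosen endpoints and then counts the symptoms the question describes (retransmissions, duplicate ACKs, largest segment seen). The capture it runs on is constructed inline to mirror the post (handshake, a few telnet option bytes, then a retransmitted prompt and duplicate ACKs, with one unrelated connection mixed in); the addresses, ports and sequence numbers are assumptions, and the retransmission/dup-ACK rules are deliberately simplified versions of what Wireshark's TCP analysis does.

```python
import struct
from collections import defaultdict

# TCP flag bits used below
FIN, SYN, RST, PSH, ACK = 0x01, 0x02, 0x04, 0x08, 0x10
PCAP_MAGIC = 0xA1B2C3D4

# Endpoints of the constructed sample stream (assumed values, not from the post).
CLIENT = ("10.1.1.10", 50000)   # desktop on the near side of the VPN
SWITCH = ("192.168.5.2", 23)    # telnet on the switch at the far side


def tcp_frame(src, dst, seq, ack, flags, payload=b""):
    """Build a minimal Ethernet/IPv4/TCP frame for test data.
    Checksums and MACs are left at zero: this is constructed, not captured."""
    tcp = struct.pack("!HHIIBBHHH", src[1], dst[1], seq, ack, 5 << 4, flags,
                      65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     bytes(map(int, src[0].split("."))),
                     bytes(map(int, dst[0].split(".")))) + tcp
    return b"\x00" * 12 + b"\x08\x00" + ip       # EtherType 0x0800 = IPv4


def build_pcap(packets):
    """Serialise (ts_sec, frame) pairs as a classic little-endian pcap file."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, 1)  # linktype 1 = Ethernet
    for ts, frame in packets:
        out += struct.pack("<IIII", ts, 0, len(frame), len(frame)) + frame
    return out


def parse_pcap(data):
    """Yield (ts_sec, frame) from classic little-endian pcap bytes (Ethernet link type)."""
    if struct.unpack_from("<I", data, 0)[0] != PCAP_MAGIC:
        raise ValueError("not a little-endian classic pcap")
    off = 24
    while off + 16 <= len(data):
        ts, _, caplen, _ = struct.unpack_from("<IIII", data, off)
        off += 16
        yield ts, data[off:off + caplen]
        off += caplen


def decode_tcp(frame):
    """Return (src, sport, dst, dport, seq, ack, flags, payload_len), or None if not IPv4/TCP."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
        return None
    ihl = (frame[14] & 0x0F) * 4
    total_len = struct.unpack_from("!H", frame, 16)[0]
    tcp = frame[14 + ihl:14 + total_len]
    sport, dport, seq, ack = struct.unpack_from("!HHII", tcp, 0)
    doff = (tcp[12] >> 4) * 4
    src = ".".join(map(str, frame[26:30]))
    dst = ".".join(map(str, frame[30:34]))
    return src, sport, dst, dport, seq, ack, tcp[13], len(tcp) - doff


def extract_stream(pcap_bytes, a, b):
    """The 'export only this TCP stream' step: keep frames whose endpoints are exactly a and b."""
    ends = {a, b}
    return [(ts, f) for ts, f in parse_pcap(pcap_bytes)
            if (d := decode_tcp(f)) and {(d[0], d[1]), (d[2], d[3])} == ends]


def analyze_stream(frames):
    """Count the symptoms named in the post. Simplified rules (an assumption, not
    Wireshark's exact analysis): a data segment re-using a sequence number already
    sent in that direction is a retransmission; a pure ACK repeating the previous
    pure ACK number in that direction is a duplicate ACK."""
    seen, last_ack = defaultdict(set), {}
    stats = {"packets": 0, "retransmissions": 0, "dup_acks": 0, "max_payload": 0}
    for frame in frames:
        src, sport, _, _, seq, ack, flags, plen = decode_tcp(frame)
        direction = (src, sport)
        stats["packets"] += 1
        stats["max_payload"] = max(stats["max_payload"], plen)
        if plen > 0:
            if seq in seen[direction]:
                stats["retransmissions"] += 1
            seen[direction].add(seq)
        elif not flags & (SYN | FIN | RST):          # pure ACK
            if last_ack.get(direction) == ack:
                stats["dup_acks"] += 1
            last_ack[direction] = ack
    return stats


def sample_packets():
    """Constructed capture: handshake, telnet option bytes, then the retransmitted
    login prompt and duplicate ACKs the post describes, plus one unrelated SYN."""
    C, S = CLIENT, SWITCH
    frames = [
        tcp_frame(C, S, 1000, 0, SYN),
        tcp_frame(S, C, 5000, 1001, SYN | ACK),
        tcp_frame(C, S, 1001, 5001, ACK),
        tcp_frame(S, C, 5001, 1001, PSH | ACK, b"\xff\xfd\x18"),  # IAC DO TERMINAL-TYPE
        tcp_frame(C, S, 1001, 5004, PSH | ACK, b"\xff\xfb\x18"),  # IAC WILL TERMINAL-TYPE
        tcp_frame(S, C, 5004, 1004, PSH | ACK, b"login: "),
        tcp_frame(S, C, 5004, 1004, PSH | ACK, b"login: "),       # retransmission
        tcp_frame(C, S, 1004, 5004, ACK),
        tcp_frame(C, S, 1004, 5004, ACK),                         # duplicate ACK
        tcp_frame(S, C, 5004, 1004, PSH | ACK, b"login: "),       # retransmission
        tcp_frame(C, ("192.168.5.3", 443), 7000, 0, SYN),         # unrelated stream
    ]
    return [(1446581220 + i, f) for i, f in enumerate(frames)]


SAMPLE_PCAP = build_pcap(sample_packets())


def export_stream(pcap_bytes, a, b):
    """Return (pcap bytes holding only the selected stream, stats for that stream)."""
    kept = extract_stream(pcap_bytes, a, b)
    return build_pcap(kept), analyze_stream([f for _, f in kept])


if __name__ == "__main__":
    stream_pcap, stats = export_stream(SAMPLE_PCAP, CLIENT, SWITCH)
    print(stats)
    with open("telnet_stream.pcap", "wb") as fh:   # open in Wireshark or share as-is
        fh.write(stream_pcap)
```

Run against a real capture by replacing `SAMPLE_PCAP` with the bytes of a file saved by Wireshark (classic little-endian pcap, Ethernet link type; pcapng is not handled). The exported file contains only the chosen stream, which is what the previous comment asks for before sharing it. The `max_payload` figure is worth looking at alongside the MTU question raised earlier: if the segments that keep being retransmitted are all large ones while small ones get through, that points at a path MTU problem rather than a telnet problem.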