On Sat, 11 May 2013, "Trent W. Buck" <[email protected]> wrote:
> Russell Coker <[email protected]> writes:
> > As an aside, 3G Internet access is not designed for servers (unless
> > you pay significant extra fees) and generally doesn't allow inbound
> > connections. The way to solve this is to have a script run "ssh -R
> > $NUMBER:localhost:22 mothership" when the system starts up. Then on
> > the mothership host you run "ssh -p $NUMBER root@localhost" to login
> > to the 3G connected system.
>
> That can hit TCP-in-TCP resend fights.

I don't believe that ssh -L/-R will do that. In such a configuration I
don't think you have TCP packets tunnelled in ssh (in the normal case ssh
isn't running as root and I don't believe it has the ability to do that if
it wanted to).

> ssh -w/-L/-R useful for ad-hoc infrastructure, but recommend openvpn
> instead for long-term, permanent setup.

Masquerading a TCP connection is a lot easier than doing so for a UDP
connection and I think it's more likely to be done correctly. Using TCP
for OpenVPN causes the TCP-in-TCP problems you reference.

> Also had problems in field with ssh -w dying when either end dies;
> autossh was suggested as fix but it felt icky; switching to openvpn was
> easier.

I haven't tried ssh -w. But ssh -R works well for me on many systems on
the Telstra NextG network.

-- 
My Main Blog         http://etbe.coker.com.au/
My Documents Blog    http://doc.coker.com.au/
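
The startup script for the `ssh -R` tunnel described in the message above, as an added example that is not part of the original mail or written by either poster. The account `tunnel@mothership`, port 2222, the key path, the keepalive and backoff timings and the `SSH` override variable are all assumptions made for illustration.

```shell
#!/bin/sh
# Added example: keep the reverse tunnel from the 3G host to the mothership up.
# Assumed values (not from the thread): account, port, key path, timings.
MOTHERSHIP="${MOTHERSHIP:-tunnel@mothership}"
NUMBER="${NUMBER:-2222}"
KEY="${KEY:-/etc/ssh/tunnel_key}"
SSH="${SSH:-ssh}"            # overridable so the command line can be inspected

# On the mothership the key can be limited to this one forward, e.g. in
# authorized_keys: restrict,port-forwarding,permitlisten="2222" <public key>
# With sshd's default GatewayPorts=no the listener is bound to loopback only.

# start_tunnel PORT DEST: run one tunnel session, return when it ends.
start_tunnel() {
    # -N/-T: forwarding only, no remote command or tty.
    # ExitOnForwardFailure: exit instead of idling if the port is taken.
    # ServerAlive*: notice a dead 3G link after about 90 s and exit.
    "$SSH" -N -T \
        -o BatchMode=yes \
        -o ExitOnForwardFailure=yes \
        -o ServerAliveInterval=30 \
        -o ServerAliveCountMax=3 \
        -i "$KEY" \
        -R "$1:localhost:22" "$2"
}

# next_delay SECONDS: double the retry delay, capped at 300 s.
next_delay() {
    d=$(( $1 * 2 ))
    if [ "$d" -gt 300 ]; then d=300; fi
    echo "$d"
}

# run_tunnel: reconnect forever, backing off while the link is down.
run_tunnel() {
    delay=5
    while :; do
        began=$(date +%s)
        start_tunnel "$NUMBER" "$MOTHERSHIP" || true
        # A session that lasted a minute means the link worked: reset backoff.
        if [ $(( $(date +%s) - began )) -ge 60 ]; then delay=5; fi
        sleep "$delay"
        delay=$(next_delay "$delay")
    done
}

if [ "${1:-}" = run ]; then run_tunnel; fi
```

Invoked with the argument `run` from the boot scripts, it holds the tunnel open; the login from the mothership is still `ssh -p $NUMBER root@localhost` as in the mail.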
