I have set up a wg tunnel between a cloud server VM (dina) and my home
network (mirror is my main router). Both run the last release of OpenBSD.
Globally, it works fine. Notably, I have syslog messages in that tunnel.
But trying to ssh into the VM is holding, and I have no clue why:

stephane@blackblock:/etc ssh -v dina
debug1: OpenSSH_10.2, LibreSSL 4.2.0
debug1: Reading configuration data /home/stephane/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to dina [fd00:22:dec:f::2] port 22.
debug1: Connection established.
debug1: loaded pubkey from /home/stephane/.ssh/id_rsa: RSA SHA256:t4hgwNR+4HnH+SubumTfG6Zn//SiwID0XaMLZetWcVY
debug1: identity file /home/stephane/.ssh/id_rsa type 0
debug1: no identity pubkey loaded from /home/stephane/.ssh/id_rsa
debug1: no pubkey loaded from /home/stephane/.ssh/id_ecdsa
debug1: identity file /home/stephane/.ssh/id_ecdsa type -1
debug1: no identity pubkey loaded from /home/stephane/.ssh/id_ecdsa
debug1: no pubkey loaded from /home/stephane/.ssh/id_ecdsa_sk
debug1: identity file /home/stephane/.ssh/id_ecdsa_sk type -1
debug1: no identity pubkey loaded from /home/stephane/.ssh/id_ecdsa_sk
debug1: loaded pubkey from /home/stephane/.ssh/id_ed25519: ED25519 SHA256:Dl3Obcw1qFnntyNcPkOy+TG4+82FVtHcsNfT2LD4K6E
debug1: identity file /home/stephane/.ssh/id_ed25519 type 2
debug1: no identity pubkey loaded from /home/stephane/.ssh/id_ed25519
debug1: no pubkey loaded from /home/stephane/.ssh/id_ed25519_sk
debug1: identity file /home/stephane/.ssh/id_ed25519_sk type -1
debug1: no identity pubkey loaded from /home/stephane/.ssh/id_ed25519_sk
debug1: Local version string SSH-2.0-OpenSSH_10.2
debug1: Remote protocol version 2.0, remote software version OpenSSH_10.2
debug1: compat_banner: match: OpenSSH_10.2 pat OpenSSH* compat 0x04000000
debug1: Authenticating to dina:22 as 'stephane'
debug1: load_hostkeys: fopen /home/stephane/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: mlkem768x25519-sha256
debug1: kex: host key algorithm: ssh-ed25519
debug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: none
debug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
Connection closed by fd00:22:dec:f::2 port 22

Here is the router ifconfig (the router is the server for the tunnel):

stephane@mirror:/home/stephane ifconfig
lo0: flags=2008049<UP,LOOPBACK,RUNNING,MULTICAST,LRO> mtu 32768
	index 4 priority 0 llprio 3
	groups: lo
	inet6 ::1 prefixlen 128
	inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
	inet 127.0.0.1 netmask 0xff000000
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	lladdr 00:e0:67:26:67:88
	index 1 priority 0 llprio 3
	media: Ethernet autoselect (1000baseT full-duplex)
	status: active
em1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	lladdr 00:e0:67:26:67:89
	index 2 priority 0 llprio 3
	media: Ethernet autoselect (1000baseT full-duplex,rxpause,txpause)
	status: active
	inet6 fe80::2e0:67ff:fe26:6789%em1 prefixlen 64 scopeid 0x2
	inet6 fd00:22:dec:e2::1 prefixlen 64
	inet 10.0.0.1 netmask 0xffff0000 broadcast 10.0.255.255
	inet6 2a05:f6c7:de1::1 prefixlen 64 pltime 217 vltime 217
enc0: flags=0<>
	index 3 priority 0 llprio 3
	groups: enc
	status: active
vlan101: flags=a48843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,AUTOCONF6TEMP,AUTOCONF6,AUTOCONF4> mtu 1500
	lladdr 00:e0:67:26:67:88
	index 5 priority 0 llprio 3
	encap: vnetid 101 parent em0 txprio 0 rxprio 0
	groups: vlan egress
	media: Ethernet autoselect (1000baseT full-duplex)
	status: active
	inet6 fe80::2e0:67ff:fe26:6788%vlan101 prefixlen 64 scopeid 0x5
	inet 89.150.157.50 netmask 0xfffff800 broadcast 89.150.159.255
pflog0: flags=141<UP,RUNNING,PROMISC> mtu 33136
	index 6 priority 0 llprio 3
	groups: pflog
wg0: flags=80c3<UP,BROADCAST,RUNNING,NOARP,MULTICAST> mtu 1420
	index 7 priority 0 llprio 3
	wgport 400
	groups: wg
	inet6 fd00:22:dec:f::1 prefixlen 64

Any suggestions as to how to improve that?
Thank you in advance.