Hi Washington, On Tue, Jan 20, 2026 at 11:48:38AM +0000, Crystal Kolipe wrote: > On Tue, Jan 20, 2026 at 10:43:34AM +0300, Washington Odhiambo wrote: > > On Mon, Jan 19, 2026 at 8:08???PM Crystal Kolipe > > <[email protected]> > > wrote: > > > The problem is probably not with PF, but something else. > > > > > > > I haven't manipulated anything at all. It's a fresh OpenBSD install. > > Have you checked the configuration on the host? > > >From the information you have supplied so far, the configuration of the > OpenBSD client seems to be correct. > > > Your suggested commands show that it is running and listening on all > > interfaces for IPv4 and IPv6. > > OK, so it seems that: > > * PF is currently disabled, so this is not the source of the problem. > * SSHd is running and listening on all interfaces. > * Your ifconfig output looks correct. > * Your routing table looks correct. > * The OpenBSD vm is using 192.168.69.22 > * The host is using 192.168.69.1 > * You are able to ping the host from within the OpenBSD vm > * You are able to ping other hosts on the internet from within the OpenBSD vm > * Therefore ICMP traffic is correctly being routed out of and back to the > OpenBSD vm. > * You are assigning the IP address to the OpenBSD via DHCP, (rather than > setting a fixed address.) > > If this is all correct, I would now check: > > * Is TCP traffic being routed out of and back to the OpenBSD vm: > > openbsd# ftp -o -https://www.openbsd.org/ > > * Can you connect to an arbitrary high port that is listening on the OpenBSD > vm > from the host: > > openbsd# nc -l 192.168.69.22 2000 > host$ telnet 192.168.69.22 2000 > > As PF is currently disabled, you should be able to connect to port 2000 > without any additional configuration. In addition to the tings Crystal mentions here, I would check for any sshd log entries on the VM, and perhaps try connecting to the VM with ssh -v or ssh -vv (more v's give more detail).
I've seen ssh connections fail when the versions running on the client and server are far enough apart that they fail to negotiate a common set of ciphers. But if I remember correctly, in those situations the failures were not silent. But checking the logs is likely useful anyway. All the best Peter -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team https://nxdomain.no/~peter/blogposts https://nostarch.com/book-of-pf-4th-edition "Remember to set the evil bit on all malicious network traffic" delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
