Subject: Re: SSH and NAT and re-connections.
To: Richard Rauch <rauch@rice.edu>
From: Manuel Bouyer <bouyer@antioche.eu.org>
List: netbsd-help
Date: 11/10/2002 20:38:40
On Sun, Nov 10, 2002 at 12:00:32AM -0600, Richard Rauch wrote:
> In the past, my DSL connection has never dropped the ball on me while I
> was "live".  Tonight, I had my ssh connection suddenly freeze on me while
> I was paused staring at a piece of email.  The following event was
> displayed on prometheus (my network gateway/DSL router, running NetBSD
> 1.6):
> 
> Nov  9 23:22:34 prometheus /netbsd: pppoe0: LCP keepalive timed out, going to restart the connection
> Nov  9 23:22:49 prometheus /netbsd: pppoe0: received unexpected PADO
> 
> (I didn't check the time carefully, so I don't know when that happened
> exactly.)
> 
> Although prometheus claimed to be restarting the connection, my SSH
> connection (forwarded by prometheus, using NAT) seemed completely dead.
> I wasn't sure if the DSL link was even live.  So I made sure that the link
> was dead (manually) and restarted it.  Then I ssh'ed back in with another
> process.
> 
> 
> My question:  Should ssh be able to survive that?  My thought is that it
> can't, because my IP number necessarily changed.  Unless ssh is a lot
> brighter than I give it credit for...  (^&

A TCP connection can't survive if the IP address changed. ssh isn't
designed to restart a TCP connection for the same session.

> 
> My next question, if the answer to that question is "not by default": Is
> there a way to configure ssh to do a better job (maybe to
> renegotiate---even if I have to resupply a password---to get reconnected)?
> (I suppose I could just use GNU screen to reattach to the process...  But
> this seems like the sort of thing that ssh *could* handle, and by putting
> it all into ssh, it would let me reattach X sessions, etc., not just
> consoles...)

No, it's not handled by ssh. This would require a protocol change.

> 
> My last question, since I'm on the subject of transient connections: How
> much trouble is it to get NetBSD's 1.6 pppoe device to automatically
> raise/lower on network activity?  I've never done this kind of thing.  I
> would check PPP to see what it can do, but I know that pppoe doesn't quite
> fully use PPP (defaultroute support seems to be dropped), so before I

NetBSD's pppoe doesn't use the ppp daemon; everything happens in the kernel.

> spend a day trying to find out why I can't get on-demand connections to
> work, I thought that I'd ask where I should start looking.  (^&  Or does
> anyone do on-demand connects with NetBSD?

pppoe should be able to do it. Try:
ifconfig pppoe0 link1
You may also want to tweak the idle-timeout parameter with pppoectl.

-- 
Manuel Bouyer <bouyer@antioche.eu.org>
     NetBSD: 23 years of experience will always make the difference
--