When this first happened to me I thought it was just a one off oddity but yesterday when I returned on the ferry from France I saw *exactly* the same symptoms on two entirely different systems. It's hardly a big issue either just an inconvenience but I'd love to know why it happens.
On the DFDS ferries there is free WiFi available, no hassle, no login required, just an open SSID called DFDS-Pax. My laptop (running Ubuntu 13.10) and my tablet (Android 4.x) both connect to it quite happily.
It's reasonably usable as well, hardly lightning fast, but fine for browsing web pages etc.
However if I try and connect (from either tablet or laptop) using ssh it starts off OK but after some hundreds of characters it just slows down and stops never to pass another character. If I open another ssh session from the same device the same thing happens, i.e. it gets another few hundred characters through. It's not very consistent, sometimes it doesn't even manage to complete the ssh handshake sequence, but most times it gets to a command prompt and allows me a couple of commands before going to sleep. Anything that generates a lot of traffic (like starting up mutt) always hangs before it gets anywhere but a couple of 'ls' commands will sometimes work.
So what might be going on? It's not like ssh protocol is blocked completely so it's not that the port(s) are blocked, it's almost as if there's someone watching and, when they can't see what's being transferred, they stop the data.
Any ideas anyone? I suppose I could try a different port for ssh but as it's not specific port blocking I don't think this will fix it.
... and as I said, it's not very important, I don't often want to read my E-Mail while crossing the channel! :-) I'm just curious.
I've seen this quite often on the 3 mobile network recently. I can have blistering performance for web traffic, speedtest results in the order of 10Mb/s but throttled ssh sessions to the point I can't even use an interactive shell.
Funny thing is on 3 it seems to be a bit region specific. I think perhaps they do something like shuffle web traffic through a transparent proxy and anything else which requires direct access is severely throttled.
It's probably something like that or that ssh traffic just isn't recognised as legitimate so doesn't get some traffic management rule applied.
Generally for public wifi services like that my first step is to run up a VPN and route all my traffic through it as I just don't trust the operators (or the other users). Though that can mean you struggle even more with performance in some cases, most public hotspots do seem to work ok with it.
I've seen this quite often on the 3 mobile network recently. I can have blistering performance for web traffic, speedtest results in the order of 10Mb/s but throttled ssh sessions to the point I can't even use an interactive shell.
Funny thing is on 3 it seems to be a bit region specific. I think perhaps they do something like shuffle web traffic through a transparent proxy and anything else which requires direct access is severely throttled.
It's probably something like that or that ssh traffic just isn't recognised as legitimate so doesn't get some traffic management rule applied.
Generally for public wifi services like that my first step is to run up a VPN and route all my traffic through it as I just don't trust the operators (or the other users). Though that can mean you struggle even more with performance in some cases, most public hotspots do seem to work ok with it.
On Wed, Mar 19, 2014 at 10:38:37AM +0000, Wayne Stallwood wrote:
I've seen this quite often on the 3 mobile network recently. I can have blistering performance for web traffic, speedtest results in the order of 10Mb/s but throttled ssh sessions to the point I can't even use an interactive shell.
Sounds very similar doesn't it!
Generally for public wifi services like that my first step is to run up a VPN and route all my traffic through it as I just don't trust the operators (or the other users). Though that can mean you struggle even more with performance in some cases, most public hotspots do seem to work ok with it.
I'll have to look into using VPNs I think. Are there any good tutorials around?
On Wed, 19 Mar 2014 14:13:13 +0000 Chris Green cl@isbd.net allegedly wrote:
I'll have to look into using VPNs I think. Are there any good tutorials around?
Errrm....
http://lists.alug.org.uk/pipermail/main/2012-October/031375.html
Mick ---------------------------------------------------------------------
Mick Morgan gpg fingerprint: FC23 3338 F664 5E66 876B 72C0 0A1F E60B 5BAD D312 http://baldric.net
---------------------------------------------------------------------
On Wed, Mar 19, 2014 at 02:34:02PM +0000, mick wrote:
On Wed, 19 Mar 2014 14:13:13 +0000 Chris Green cl@isbd.net allegedly wrote:
I'll have to look into using VPNs I think. Are there any good tutorials around?
Errrm....
http://lists.alug.org.uk/pipermail/main/2012-October/031375.html
Yes, I knew I had discussed it here. :-)
That is a while ago though, senility setting in.
On Wed, 19 Mar 2014 10:38:37 +0000 Wayne Stallwood wayne@digimatic.co.uk allegedly wrote:
I've seen this quite often on the 3 mobile network recently. I can have blistering performance for web traffic, speedtest results in the order of 10Mb/s but throttled ssh sessions to the point I can't even use an interactive shell.
Funny thing is on 3 it seems to be a bit region specific. I think perhaps they do something like shuffle web traffic through a transparent proxy and anything else which requires direct access is severely throttled.
It's probably something like that or that ssh traffic just isn't recognised as legitimate so doesn't get some traffic management rule applied.
I saw something similar to this on the t-mobile network a few yaers ago (but for TLS encrypted mail connections, not straight ssh). I commented at the time at :
http://baldric.net/2012/01/12/t-mobile-resets-its-policy/
Mike Cardwell over at grepular.com (referenced in the post above) wrote a pretty good post about the issue too. It is not beyond the realms of possibility that telcos are generally "discouraging" encrypted tunnels of any kind. So even a VPN may prove problematic. It may be worth experimenting with corkscrew to tunnel ssh over https (thus hiding the fact that you are using ssh).
Mick
---------------------------------------------------------------------
Mick Morgan gpg fingerprint: FC23 3338 F664 5E66 876B 72C0 0A1F E60B 5BAD D312 http://baldric.net
---------------------------------------------------------------------
On 19/03/14 14:47, mick wrote:
Mike Cardwell over at grepular.com (referenced in the post above) wrote a pretty good post about the issue too. It is not beyond the realms of possibility that telcos are generally "discouraging" encrypted tunnels of any kind. So even a VPN may prove problematic. It may be worth experimenting with corkscrew to tunnel ssh over https (thus hiding the fact that you are using ssh).
I find generally VPN's work ok these days on both public WiFi and mobile data connections. They are often used by the business customers and therefore pretty much need to be supported. SSH is different because its use is really only prevalent amongst the techs.
On 20 March 2014 15:48, Wayne Stallwood ALUGlist@digimatic.co.uk wrote:
I find generally VPN's work ok these days on both public WiFi and mobile data connections. They are often used by the business customers and therefore pretty much need to be supported. SSH is different because its use is really only prevalent amongst the techs.
.. which is what makes it daft: SSH is generally low traffic, and used by the kind of people who probably "support" friends and family and therefore have disproportionate influence over their choice of networks.
What other "common" protocols open a connection, and keep it open, with very little traffic over the connection? I wonder if there's something in its characteristics. (I don't heavily use SSH over Three but when I have done so I haven't seen the problems being described here.)
Chris Green wrote:
Any ideas anyone? I suppose I could try a different port for ssh but as it's not specific port blocking I don't think this will fix it.
It may help. My understanding is that at least one of the major networks (I think the ex-Orange but I've not looked it up) has a breathtakingly stupid configuration... and that's coming from me, who has broken networks in some flabbergasting ways.
Whatever you do, do not yourself start port blocking while travelling. It can make the ferry journey last a very long time. (sorry :-) )
Regards,
-
Chris Green -
Mark Rogers -
mick -
MJ Ray -
Wayne Stallwood -
Wayne Stallwood