6 Replies Latest reply on Mar 16, 2019 1:06 PM by rtaheri

    SSH connections dropped due to QoS flags

    quinn_jones Lurker

      I've started running into a problem with outbound SSH connections from a linux guest being dropped as soon as connection is established.  The issue is repeatable and fixable with a kludge that modifies QoS.


      The issue manifests itself by dropping the connection immediately after establishing it:

      $ ssh $host

      packet_write_wait: Connection to $host port 22: Broken pipe


      Enabling verbose flags (-v or -vvv) doesn't show anything remarkable.


      I've been in contact with my linux distribution's maintainers[1] and they have helped narrow the problem down to an issue with vmnat misbehaving.

      Because vmnat do not recognise AF21/CS1 DSCP flags, it'll send back a RST packet (don't know why) immediately upon received any packet having either flags, and finally break all ssh connection. (This happens soon after authentication since IPQoS applies during channel establish) [2]

      This is on VMWare Workstation 12 Player, version 12.5.9 build-7535481, running on Win 7 Enterprise.  My guest is running a current Linux kernel (4.9.95) and openssh 7.7_p1-r4 (though it seems like any software that uses QoS will have this problem.)


      Setting alternate QoS flags seems to work around the issue, e.g. ssh -o IPQoS=throughput ...



      [1] https://forums.gentoo.org/viewtopic-t-1082598.html

      [2] https://bugs.gentoo.org/658488#c3