Help please : ssh tunnelling

rdebeer · March 23, 2011, 10:22am

Hi

Im in need of some assistance, i have recently came across these wonderful creations of mikrotik. Im looking to replace our current firewall solutions. One of the requirements i need to be able to do is tunneling via ssh.
Take vnc as example. I use putty as client tool, setup a new session connecting to the wan (public) ip of my mikrotik board
i add a tunnel, source port eg 5901 and destination 192.168.0.3:5900 (a server behind router with vnc running)

I connect the vnc session, i open my vnc client, use 127.0.0.1:5901 and i get a password request. After i type in password, i can for a brief second see the desktop on the remote pc behind routerboard, then looses it and get a error on my putty session saying strange packet received type 3
I cannot substitute this for vpn for many reasons

Can anybody please assist me on getting this working?

I thank you in advance for your trouble

mardikas · March 28, 2011, 7:38pm

Hi!

I have a similar problem with rdebeer.

I was using RouterOS ver 3.24 for ssh tunneling for Windows Remote Desktop and it was working ok. Then upgraded to 5.0rc11 and get exactly the same errors with PuTTY “strange packet received type 3”

I also set in my router settings “ip ssh forwarding-enabled=yes” according to the manual: http://wiki.mikrotik.com/wiki/Manual:IP/SSH

Thanks for the help!

rdebeer · March 29, 2011, 4:24pm

If i ssh straight from terminal eg ssh -p 222 admin@172.20.22.133 -L 5961:10.1.0.101:5900, my vnc works fine, and after a while i get this critical log echoing on my ssh tunnel to routeros:
[admin@MikroTik] > client_input_channel_req: unexpected channel 2
if i go check log, i cant find anything

if i use putty, i loose my connection, both vnc and ssh session. Putty error reports: Strange packet receive :type3
I find this in the mikrotik log:
ssh,error data not aligned to blocksize
17:42:49 ssh,error bad packet MAC
17:42:49 ssh,error packet not valid

If i do the same from windows, putty spits back : Strange packet received type100
Using ultravnc, if i switch the graphics lower for the connection, i get to work for few seconds, depending on how much change on screen, i loose connection

Please, someone help, we cant be the only 2 people with this problem in the whole wide world?

abeggled · March 31, 2011, 8:47am

No, we are minimum 3 of them:(

I can’t tell with which ROS version the problem started, with 5.0 RC3 it worked for me, with 5.0 RC7 it doesn’t.

rdebeer · March 31, 2011, 9:46am

I havnt tried earlier versions, as soon i get chance i will and post back. im currently using 5rc11. Thnx for posts, good to know im not the only one

abeggled · April 8, 2011, 8:10pm

For me it’s working again with 5.0 RTM

ditonet · April 8, 2011, 10:21pm

@abeggled

For me it’s working again with 5.0 RTM

On which RouterBoard is it working for you?
I’ve same problem as described by rdebeer, on RB433AH with latest ROS ver. 5.1.

Regards,

abeggled · April 9, 2011, 10:33am

450G

rdebeer · April 12, 2011, 8:47am

Im using 411

janisk · April 12, 2011, 11:53am

thanks for reports, i am looking into it.

megajuras · February 6, 2012, 11:26pm

I have rb750 at home.

> /system routerboard print
       routerboard: yes
             model: 750
     serial-number: 260A015FA812
  current-firmware: 2.38
  upgrade-firmware: 2.38
> /system package print
Flags: X - disabled
 #   NAME                    VERSION                    SCHEDULED
 0   system                  5.12
 1   ppp                     5.12
 2   security                5.12
 3   user-manager            5.12
 4   advanced-tools          5.12
 5   routing                 5.12
 6   mpls                    5.12
 7   routerboard             5.12
 8   hotspot                 5.12
 9   multicast               5.12
10   ipv6                    5.12
11   ntp                     5.12
12   dhcp                    5.12

SSH tunnels were working from my office where I work. Now I’m abroad, putty config imported from regedit. Connecting from hotel’s WiFi, and when I open any page via ssh tunnel to web-proxy on my RB i’m getting “strange packet type 3”.
As I said before - from my office it’s running (2 tunnels: rdp and proxy) 99.9% OK for few hours a day.

Hope this help a little.

PS:
99.9% because CSS are not working (i.e. wikipedia) via web-proxy - but that’s not the subject..

janisk · February 7, 2012, 6:48am

could you get debug output from client when creating tunnel (verbose output) and debug logs from ssh server when connection fails (preferably without any other ssh stuff going on)

megajuras · February 7, 2012, 4:29pm

Just tell me how to do it

megajuras · February 18, 2012, 2:01am

I leaved the hotel. Anyway - I was extremaly busy, so even U provide me with copy-paste instructions it will be very hard do do anything there.

Sorry.

Just be aware that this error depends on the network configuration from which (the network) client is connecting.

webformix · April 30, 2012, 9:31pm

Sorry to bump an old thread, but I’ve run into this problem and just found a few short-term solutions on this related thread in the cisco forums:

https://supportforums.cisco.com/thread/2013927

The consensus appears to be, at least partially, that this is a bug (or unexpected behavior or ssh-server incompatibility) with the newest putty client. But I have reproduced the issue in Putty v0.60 connecting to RB1100AH running RouterOS v5.14.

1> try using another ssh client, such as Linux or Cygwin or SecureCRT or whatnot (I can confirm Cygwin gets me through so far. )

2> Try changing some settings:
In putty config go in Connection->SSH->Kex
Change
Max minutes before rekey to 0
Max data before rekey to 0

If MT devs are interested in resolving or better understanding this issue from their end, try downloading a 0.60 copy of Putty for Windows and see if you can reproduce (optionally set the re-key interval to a low, non-zero number to help coax the gremlin out) and if that don’t do it, email me at support@webformix.com and I can try to get some verbose debug output for ye.

Good luck, sirs!

rex3x · May 31, 2012, 9:33am

My experiences today about this problem:
My RB750 software is 5.15
I got new laptop and after that the tunneling didnt work any more.
And I “found the reason”.
In my old laptop i use putty release 0.60, but for new laptop I download new version of putty 0.62(beta). This is only available version on putty download page.
Result: if I use putty release 0.62 the tunneling doesnt work, but if I install putty release 0.60 the tunneling works well.

Happily I found putty 0.60 installation package from my old laptop
I didnt try putty 0.61, because I dont have this software.

jacekarwal · October 9, 2012, 9:38am

I have the same problem. RouterOS 5.6 , RB 433. Changing ( in putty 0.62 ) connection → ssh → kex → max minutes and max data parameters to 0 does not solve this problem.