Unable to ssh from while logged into proper VPN

Hello all,
I’m running opensuse 11.3, trying to log into a remote server that is part of a VPN. I haven’t had problems with this before, but recently I’ve done a lot of network tinkering and wonder if I’ve accidentally changed some settings. The connection is coming from my tethered phone (if that makes any difference), but I suspect that isn’t the problem since I am able to connect to the VPN and ssh into the server from my phone successfully.

I have verified that the connection works, and am successfully logged into the VPN using kvpnc. When I try to ssh, I get

ssh: connect to host (my server) port 22: Connection refused

I had the same problem earlier, but deleting my ~/.ssh/known_hosts file fixed the problem since the next time I tried to log in, it was regenerated correctly. I have tried the same fix this time, but the problem persists. Both sshd and ssh-agent are running. Also, while logged into the VPN, I am able to ping google.ca as well as ping my server (if any of that makes any difference).

UPDATE: after repeated tried logging in and out of the VPN, re-deleting my known_hosts file again, and a few log ins and outs of my PC for good measure, I have managed to log in successfully to my server after regenerating the known_hosts file and making no other changes. Surely the problem lies there. What can I do to avoid this?

Does anyone have any suggestions? Thank you very much, in advance.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Connection refused should never have meant a problem with your
known_hosts file… are you sure the error was identical last time?
Doesn’t matter now, but that shouldn’t be what you see when there’s a
problem in the known_hosts file.

Anyway, this message means either the server or something posing as the
server is actively telling your SSH client to go away. In SUSE land
this happens if the server’s firewall is open but nothing is listening
(sshd is stopped). You mentioned you can SSH to the box from your
phone, so that rules out the sshd client being stopped (assuming both
your box and the phone are actually reaching the same server… DNS
issues could cause one box to go one place and the phone to another)
which makes me think the VPN is breaking the connection for some reason.

It may be interesting to SSH into the server (from your phone) and then
tail /var/log/messages:

sudo tail -f /var/log/messages

While doing that, try to access the server from the machine that fails.
If you do not see anything then I’d guess it’s blocked sooner than
that. To be sure you could watch for data with tcpdump:

sudo /usr/sbin/tcpdump -n -s 0 port 22 and host workstation.ip.goes.here

With that command you’ll need to put in your workstation’s (broken
box’s) IP address or you’ll see your phone’s SSH connection’s trace
information which will be a nice infinite loop that you’ll hate.

Good luck.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.18 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJPdfyyAAoJEF+XTK08PnB5prcP/RKLmkI5Ry//+mva8XNkYo/F
7N8yQYX2vMru9RrEseMVB3FOFdu4ywPl3AojUE5H49K4GR/xjzbVIlIyvVOGaV6c
brkA1NVR4NCtWMSjaDu81+v+/QbSpzEaZYTNyrpI9ercfpgStPw/14VCIptD5+pV
8jYcC6h2INZ+j0xTon9ubTVuVaJ9MM22qKPgUxfuDRQMP/Oy/AMuLUklLPUqx8vb
YijsaS1MT+/18+oBwYus/ZfPG8SQEvIadC8bJwzypR+TgBwn097F5AIrKS0smj/1
prFcVmopdZmZqmCoJdCad+O3iuguxviGaMENshikrvPo+5EDs7GoW3lVqLhFljol
ZKBigkheu1HhlQeaLao2+lWBS+jVie8qXkFMi9Ht6q2BxXbgbf7FUEtC59gezDdc
3wcfL0tTGsyy/xEVFI0nCslndw3j74++02gu0L9lHcHgzMddoThNCrjoi0+VfHpe
FG/tGy1ptNaS4AgV5Pj3cjSxkVLWunNBcKgHu1MPXtVyk5C1KOaiEqIoRPEWKjTK
S5Xent0A8SDjMqrxJLnDl7juY13D+PamtxiQWRAn0/mCdpJCZUEmrDZ6qp7gTFtW
2mlTJwblWbhLoOHvX7m3TKOiCIpxm9ym3gHUt7eqwBTFDyVd92QYoxJQm545zFPO
XGeJsIyxYayOulFjYCea
=CHkn
-----END PGP SIGNATURE-----

Thanks very much for your advice. The trouble is that I don’t have root access on the server, so I can’t issue any of those commands. Also, can’t remember if I mentioned it, but the internet connection provided to my laptop is through my phone’s usb tether. I have the VPN turned off on my phone, but am accessing it from my computer (as opposed to enabling the vpn on the phone, tethering it, then trying to log in with my laptop, which I tried but it didn’t work). Perhaps this narrows the issue down to kvpnc? I do find it buggy…sometimes when it won’t open because the su password dialog doesn’t pop up, while other times I simply can’t connect at all.
Are there any options that I can explore from the computer I’m trying to log in with? I have root access for that, of course!

Are You using kvpnc through NetworkManager applet ? If yes look at the NetworkManager logs.

Another question would be whether You’re using knetworkmanager or plasmoid-networkmanagement and which KDE version (knetworkmanager is not developed any more and has lots of bugs) ? If you’re using the default that came with openSUSE 11.3 than it’s very old and was quite buggy. You can always update to a supported openSUSE version for example 11.4 and update KDE to 4.8.

Best regards,
Greg

Hi there. I’m not sure what you mean by using kvpnc ‘through’ NetworkManager, but my wireless connection is handled by knetworkmanager, the same one that came with the 11.3 distro, and then I open kvpnc. The VPN is not configured through NetworkManager (i.e. using the VPN settings tab). I’m using KDE 4.4.4 release 3. I’ve noticed that knetworkmanager is buggy, it’s given me many problems in the past, are you suggesting tat this might be remedied by simply updating my OS? I know that 11.3 has been EOLed but I don’t have the time right now to do the upgrade to 12.1.

Yes I think a simple update might help but I’m not sure it will.

Best regards,
Greg