1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

SSH Trouble

Discussion in 'Tomato Firmware' started by jbaker6953, Jul 27, 2007.

  1. jbaker6953

    jbaker6953 LI Guru Member

    I have a Linksys WRT54GS v1.1 running the latest Tomato firmware. I use Putty to tunnel an SSH connection from my work PC through the Linksys. I also have an Stunnel tunnel set up to behave similarly (from before I had Tomato).

    My problem is that when I initiate a download, HTTP or FTP, with Firefox (which is using Putty as the "proxy") the downloads are an unbearable 5k. They start out fast and then rapidly slow. When I use Stunnel the speeds are around 80k. I do not have QoS on and there is no other network activity. Tomato shows total TX bandwidth as 5k. I cannot yet tell if the problem is with Putty or with Dropbear, but it's definitely one of the two. I tried watching memory and CPU usage while a download is taking place, but Dropbear never goes above 2.5% and Putty never goes above 2%.

  2. ifican

    ifican Network Guru Member

    I would first make sure both are using the same encryption alg. And are you tunneling to the same machine or 2 different ones.
  3. jbaker6953

    jbaker6953 LI Guru Member

    There is no other machine to tunnel to. How do you see which algorithm Dropbear is using? They both *appear* to be using AES.
  4. ifican

    ifican Network Guru Member

    I dont know on dropbear, putty uses aes by default then switches to blowfish i believe and then 3des. I am not even sure it is the issue but it is a place to start. If one is doing 128aes and the other is doing256 that will account for some of the slowness. I suppose it just has to be tested always including sideways. Run one at a time then together, bringing one up first then the other and vice versa. If they are running to the same machine run one app then the other then both together. You should beable to narrow it down some, and then really start looking at things like encryption and how the application works. I will tell you this and i do not know way as i have never really thought bout it, but ssl seems to work much faster then ssh. I had always figured it was encryption but ..............
  5. jbaker6953

    jbaker6953 LI Guru Member

    The fact that CPU usage never exceeds 3% is a good indicator that the encryption is not the bottleneck. If the encryption were too hard to do fast enough to keep up with the download, the CPU would be pegged.

    I have tested it very simply. With both tunnels up at the same time, and proxy switcher on Firefox, I can switch between them and watch the bandwidth change with it. I am getting suspicious that the actual way Dropbear performs as an HTTP proxy is at fault. I base this on the fact that I do not have any slowness issues with UltraVNC running over the SSH tunnel. Even when I do file transfers through UntraVNC the speeds are fairly fast. When I download a large file from Firefox through the SSH connection my UltraVNC connection is slowed so much that the mouse pointer takes 5 or 10 seconds to respond to movement. It's as though Dropbear or Tomato has suddenly put a 5k cap on my TX speed.
  6. jbaker6953

    jbaker6953 LI Guru Member

    Further testing reveals more issues. If I set up the SSH tunnel and use it from my LAN, the speeds are as I would expect ... even though I'm using the WAN IP address to establish the tunnel.
  7. jbaker6953

    jbaker6953 LI Guru Member

    OK, here's the deal: When I set up a SOCKS tunnel from inside the LAN, it goes really fast. When I set up the identical tunnel from outside, the downloads are severely limited. From work I established the following connection with Putty:

    putty -D 8888 -p 1755 [home IP]

    When I download a copy of Firefox as a test, my speeds are limited to anywhere from 5k - 20k per second.

    When I close that connection and establish an stunnel connection like this:

    accept: 8080
    connect:[home IP]:1755

    I download at speeds around 80k. Since both connections are to the same port, it rules out any firewall issues between my work and home.

    So, in summary, after a lot of testing I have the following situation:

    Work -------[SSH]--------->Tomato:1755 = 5k - 20k
    Work -----[Stunnel]------->Tomato -----> LAN Machine:1755 = 60k - 80k
    LAN Machine -----[SSH]--->Tomato:1755 = 300k

    Any ideas?

Share This Page