So I set up a VPN qube and SSH worked, but now that I’ve let my VPN sub expire and have switched back to using sys-firewall without the VPN, I can no longer ssh into my remote server or git push/pull using ssh.
Initially I was getting port 22: Network is unreachable as the error, but then I forced SSH to use ipv4 and am not getting port 22: Connection timed out.
I have the default firewall configurations on all of my qubes (Allow all outgoing connections).
The picture looks like this: AppVM --> sys-firewall --> sys-net.
Any pointers? I am really at a loss on this one.
It's not the server or my home network because I can ssh into the server from my Mac no problem. The only thing I can think it might be is some network level blocking of Linux machines and ssh.
No I haven’t been able to SSH anything. I noticed it while coding and I tried to git push but it was the first time doing it after my VPN sub expired and I switched the networking from sys-vpn to sys-firewall.
Web pages load and everything works fine on my web browser. HTTPS works, I had to switch my git URLs to HTTPS to push my code.
Try using sys-whonix as the netvm. It doesn’t really help troubleshooting but it may let you use ssh for git again if your server just hates your public ip for some reason.
Did you configure some firewall rules in the AppVM qube? This would explain why it works with whonix as a netvm, as it does not support holding firewall rules. You might have a rule allowing port 443 to everywhere, this would explain why it’s working for git over https or websites in general.
Maybe a specific ssh configuration in ~/.ssh/config?
Does it work if you run ssh from sys-net, I’m not saying to login from there, but at least, does it prompt for the public key? If so, could you try the same from sys-firewall?
From memory: You could get some information from traceroute - it should let you do a tcp scan to port 22, and will at least give an idea of the number of hops to the problem…
I think I have used this in the past… man traceroute seems to confirm - it just needs the right options.
Ok I just went to a cyber cafe and it works on their network. I notice my VPN uplink icon is gone now though. I’m going home and will see if it comes back. Stay tuned.
Maybe you did something on your ISP router that blocks yourself? If it works on another computer (the Mac), try to set the IP manually on the network in sys-net and see if it works?
There are absolutely no reasons for an ISP to block Linux users.
That would be surprising to be blocked for using Linux with ssh… But it doesn’t leave many possibilities.
ipv6-only somewhere, if you’re forcing to ipv4?
Does the mac use ipv6?
Home router - like @solene says, filtering on macid, or on a static ip? Is it a wired net connection?
Did you try traceroute? It should point to the guilty router/host, as you’ll get responses up to the one that is dropping your packets. Then it will just get no response for further away routers. Unless it’s the inbound packets that are not getting back.
Try wireshark in a clone or a disposable of your sys-net? Should see both outgoing and any incoming… You should also be able to watch your Mac, if it’s on the same ethernet, to compare. Throw the clone away when finished with it.
What differences are there between packets from a Mac and your sys-net that could be used to block you?
I appreciate the troubleshooting tips, but given that I’ve decided to renew my VPN subscription (I was thinking of doing it anyway) I will leave this issue for the time being (there’s only so much time in the day).
If I encounter it again in the future I’ll be sure to post back here after troubleshooting.
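The checks suggested in the replies above (port 22 versus 443, IPv4 versus IPv6, repeated from the AppVM, sys-firewall and sys-net) can be scripted; this is an added example, not code from anyone in the thread. The function names `probe`, `interpret` and `run` are made up for illustration, and the server's hostname is assumed to be passed on the command line.

```python
import errno
import socket
import sys

def probe(host, port, family, timeout=5.0):
    """One TCP connect: open/refused/timeout/unreachable/no-address/error."""
    try:
        info = socket.getaddrinfo(host, port, family, socket.SOCK_STREAM)[0]
    except socket.gaierror:
        return "no-address"          # host has no address in this family
    sock = socket.socket(info[0], info[1], info[2])
    sock.settimeout(timeout)
    try:
        sock.connect(info[4])
        return "open"
    except socket.timeout:
        return "timeout"             # SYN sent, nothing came back: silent drop
    except OSError as exc:
        if exc.errno in (errno.ENETUNREACH, errno.EHOSTUNREACH):
            return "unreachable"     # no route for this address family
        if exc.errno == errno.ECONNREFUSED:
            return "refused"         # path works, nothing is listening
        return "timeout" if exc.errno == errno.ETIMEDOUT else "error"
    finally:
        sock.close()

def interpret(r):
    """r maps (family, port) -> outcome for families 'v4'/'v6', ports 22/443."""
    notes, v4_22, v4_443 = [], r.get(("v4", 22)), r.get(("v4", 443))
    if r.get(("v6", 22)) in ("unreachable", "no-address"):
        notes.append("IPv6 path unavailable; rely on the IPv4 results")
    if v4_22 == "timeout" and v4_443 in ("open", "refused"):
        notes.append("port 22 is dropped while 443 gets through: look for a "
                     "port- or source-specific filter (qube rules, router, server)")
    elif v4_22 == "timeout" and v4_443 == "timeout":
        notes.append("both ports time out: general IPv4 path problem")
    elif v4_22 == "open":
        notes.append("TCP to port 22 works: check ~/.ssh/config and keys")
    return notes

def run(host):
    fams = {"v4": socket.AF_INET, "v6": socket.AF_INET6}
    r = {(f, p): probe(host, p, fam) for f, fam in fams.items() for p in (22, 443)}
    return r, interpret(r)

if __name__ == "__main__":
    results, notes = run(sys.argv[1])   # hostname of the SSH server
    for key, outcome in sorted(results.items()):
        print(key, outcome)
    print("\n".join(notes))
```

Running it in each qube along the chain shows where the outcome for port 22 changes from `open` to `timeout`, which is the hop to inspect.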