
On Sat, 11 May 2013, "Trent W. Buck" <trentbuck@gmail.com> wrote:
> Russell Coker <russell@coker.com.au> writes:
> > As an aside, 3G Internet access is not designed for servers (unless you pay significant extra fees) and generally doesn't allow inbound connections. The way to solve this is to have a script run "ssh -R $NUMBER:localhost:22 mothership" when the system starts up. Then on the mothership host you run "ssh -p $NUMBER root@localhost" to login to the 3G connected system.
>
> That can hit TCP-in-TCP resend fights.

I don't believe that ssh -L/-R will do that. In such a configuration I don't think you have TCP packets tunnelled in ssh (in the normal case ssh isn't running as root and I don't believe it has the ability to do that if it wanted to).

> ssh -w/-L/-R useful for ad-hoc infrastructure, but recommend openvpn instead for long-term, permanent setup.

Masquerading a TCP connection is a lot easier than doing so for a UDP connection and I think it's more likely to be done correctly. Using TCP for OpenVPN causes the TCP-in-TCP problems you reference.

> Also had problems in field with ssh -w dying when either end dies; autossh was suggested as fix but it felt icky; switching to openvpn was easier.

I haven't tried ssh -w. But ssh -R works well for me on many systems on the Telstra NextG network.

-- 
My Main Blog http://etbe.coker.com.au/
My Documents Blog http://doc.coker.com.au/
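
A startup script of the kind the message describes, written here as an added example and not taken from the thread or from either poster. It re-establishes the "ssh -R" forward when the link drops and shows how the mothership can confine the tunnel key to that one forward. The port 2222 (standing in for $NUMBER), the key path and the script name are assumptions.

```shell
#!/bin/sh
# Added example: keep "ssh -R $NUMBER:localhost:22 mothership" up across
# link drops. Invoke from the boot script as "tunnel.sh run" (name assumed).
#
# On mothership, confine the tunnel key to this one forward
# (single authorized_keys line, needs OpenSSH 7.8+ for permitlisten):
#   restrict,port-forwarding,permitlisten="localhost:2222" ssh-ed25519 <key> tunnel
PORT="${PORT:-2222}"                    # stands in for $NUMBER
MOTHERSHIP="${MOTHERSHIP:-mothership}"
KEY="${KEY:-/etc/tunnel/id_ed25519}"    # hypothetical dedicated key
MAX_DELAY=300                           # cap on the retry delay, seconds

# Run "$@" followed by the tunnel arguments. "run_tunnel ssh" opens the
# tunnel; "run_tunnel printf '%s\n'" lists the arguments as a dry run.
run_tunnel() {
    # -N -T: no remote command, no tty; this session only carries the forward.
    # ExitOnForwardFailure: exit if the remote port cannot be bound, for
    #   example while a stale session still holds it, so the loop retries.
    # ServerAlive*: notice a dead 3G link in about 90 s instead of hanging.
    "$@" -N -T -i "$KEY" \
        -o BatchMode=yes \
        -o ExitOnForwardFailure=yes \
        -o ServerAliveInterval=30 -o ServerAliveCountMax=3 \
        -R "localhost:${PORT}:localhost:22" "$MOTHERSHIP"
}

# Double the delay, capped at MAX_DELAY.
next_delay() {
    d=$(( $1 * 2 ))
    if [ "$d" -gt "$MAX_DELAY" ]; then d=$MAX_DELAY; fi
    echo "$d"
}

main() {
    delay=5
    while :; do
        start=$(date +%s)
        run_tunnel ssh || true
        # A session that lasted a minute or more was healthy: reset back-off.
        if [ $(( $(date +%s) - start )) -ge 60 ]; then delay=5; fi
        sleep "$delay"
        delay=$(next_delay "$delay")
    done
}

if [ "${1:-}" = "run" ]; then main; fi
```

With the forward bound to localhost on the mothership, the 3G host's sshd is reachable only from the mothership itself, as in the "ssh -p $NUMBER root@localhost" step above.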