gpg: Signature made Sat Sep 25 22:35:51 2021 UTC
gpg: using DSA key 0E4236CB52951E14536066222099B64CBF15490B
gpg: Good signature from "Andy Smith <andy@strugglers.net>" [unknown]
gpg: aka "Andrew James Smith <andy@strugglers.net>" [unknown]
gpg: aka "Andy Smith (UKUUG) <andy.smith@ukuug.org>" [unknown]
gpg: aka "Andy Smith (BitFolk Ltd.) <andy@bitfolk.com>" [unknown]
gpg: aka "Andy Smith (Linux User Groups UK) <andy@lug.org.uk>" [unknown]
gpg: aka "Andy Smith (Cernio Technology Cooperative) <andy.smith@cernio.com>" [unknown]
Hi Ian,
On Sat, Sep 25, 2021 at 11:17:33PM +0100, Ian Hobson wrote:
> I am trying to ssh back from my Bitfolk VPN into my home system, and it has
> stopped working.
>
> Traceroute shows the following....
>
> ian@hobsoni:~$ traceroute -4 109.51.83.178
> traceroute to 109.51.83.178 (109.51.83.178), 30 hops max, 60 byte packets
> 1 macallan.bitfolk.com (85.119.80.25) 0.249 ms 0.636 ms 0.566 ms
> 2 jump-gw-3.lon.bitfolk.com (85.119.80.3) 3.064 ms 3.533 ms 3.931 ms
> 3 t2.jump.net.uk (194.153.169.238) 0.370 ms 0.360 ms 0.400 ms
> 4 as2914.jump.net.uk (194.153.169.185) 0.601 ms 0.483 ms 0.658 ms
> 5 195.219.23.72 (195.219.23.72) 0.977 ms 0.862 ms 0.758 ms
> 6 if-ae-66-2.tcore1.ldn-london.as6453.net (80.231.60.144) 29.946 ms
> 31.290 ms 31.202 ms
> 7 * * *
> 8 if-ae-2-2.tcore2.l78-london.as6453.net (80.231.131.1) 30.463 ms 30.381
> ms if-ae-11-2.tcore2.sv8-highbridge.as6453.net (80.231.139.41) 29.692 ms
> 9 if-ae-2-2.tcore1.sv8-highbridge.as6453.net (80.231.139.2) 29.665 ms
> if-ae-19-2.tcore1.sv8-highbridge.as6453.net (80.231.138.21) 29.863 ms
> if-ae-2-2.tcore1.sv8-highbridge.as6453.net (80.231.139.2) 29.932 ms
> 10 if-ae-1-3.tcore1.pv9-lisbon.as6453.net (80.231.158.29) 33.713 ms 29.070
> ms 28.481 ms
> 11 if-ae-2-2.tcore2.pv9-lisbon.as6453.net (80.231.158.6) 28.858 ms 28.497
> ms 28.604 ms
> 12 195.219.214.18 (195.219.214.18) 28.540 ms 28.010 ms 28.446 ms
> 13 * * *
[…]
> What does this mean about 195.219.214.18?
It means that 195.219.214.18 doesn't want to pass the UDP datagrams
that traceroute uses. And probably all traffic destined for
109.51.83.178 since your SSH back the other way doesn't work.
What does it look like the other way? What does a TCP traceroute to
your SSH port look like? e.g.
$ sudo traceroute -T -p 22 macallan.bitfolk.com
traceroute to macallan.bitfolk.com (85.119.80.25), 30 hops max, 60 byte packets
1 aa-gw.localnet (192.168.1.254) 0.694 ms 1.067 ms 1.436 ms
2 3.a.gormless.thn.aa.net.uk (90.155.53.211) 8.367 ms 8.720 ms 8.997 ms
3 e.aimless.tch.aa.net.uk (90.155.53.45) 10.798 ms * *
4 xe-0-1-0-3-1.r04.londen05.uk.bb.gin.ntt.net (192.80.17.249) 11.395 ms 13.119 ms 13.215 ms
5 ae-7.r20.londen12.uk.bb.gin.ntt.net (129.250.4.140) 13.330 ms 13.445 ms 13.598 ms
6 ae-13.a03.londen12.uk.bb.gin.ntt.net (129.250.3.249) 15.918 ms 15.411 ms 15.489 ms
7 t5.jump.net.uk (194.153.169.188) 15.598 ms 9.626 ms 9.667 ms
8 c2.jump.net.uk (194.153.169.239) 11.082 ms c5.jump.net.uk (194.153.169.233) 10.722 ms 13.368 ms
9 macallan.bitfolk.com (85.119.80.25) 8.184 ms 9.719 ms 9.804 ms
Can you reach other IPs at BitFolk with a traceroute or mtr? Can you
reach
www.jump.net.uk with a traceroute or mtr?
For what it's worth I can't reach 109.51.83.178 from anywhere at
BitFolk so it's probably a total routing blackhole for all types of
traffic and probably both ways.
> And who do I contact to get things put right?
The IP 195.219.214.18 belongs to TATA communications but since you
aren't their customer and neither is BitFolk, it would be best for
you to ask your ISP why you can't reach the BitFolk IP and show them
your traceroute, since you are their customer and they should listen
to you.
Cheers,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
