Cannot connect by SSH or gitlab at my home

Question

I am facing some issues when connecting to SSH and others services like gitlab. It just happens when connecting by Wi-Fi at home, as I am able to work with it when I am connected to any different one or using my mobile data, so it should be because my router. This internet service is a new contract with my provider so never could use it before.

I have called my ISP, they told me I am already out from the CG-Nat and I am able to open ports (as I though it was because this reason) and have the 22 added in my opened port list but it still not connecting when using SSH.

My router model is a Sercomm FG824CD and I opened the 22 port with these parameters:

• Device: Mydevicename
• IP LAN: 192.168.1.** (my device IP
• Protocolo: TCP
• Public port: 22
• Puerto LAN: 22

The only thing I don't understand, is that if I try to add my mobile phone's IP in order to use SSH as well from this phone, the router tell me ¨port 22 is still used, choose another port¨. But I don't get the point... what if I want to open this port for my phone? Can't I?

Sorry for my ignorance and thank you. I hope you can help me

[EDITED]

I have realise that my MacBook can connect SSH through Wi-Fi (can't with my Linux laptop), so maybe it’s not the router… I tried to connect SSH with my Manjaro Laptop and by my mobile phone which has a custom android version ( /e/project ) having no results.

Return of SSH when trying to connect by Wi-Fi:

ssh -v admin@*****.com
OpenSSH_8.6p1, OpenSSL 1.1.1k 25 Mar 2021
debug1: Reading configuration data /data/data/com.termux/files/usr/etc/ssh/ssh_config
debug1: Authenticator provider $SSH_SK_PROVIDER did not resolve; disabling
debug1: Connecting to *****.com [123.456.789.10] port 22.
debug1: connect to address 123.456.789.10 port 22: Connection timed out
ssh: connect to host *****.com port 22: Connection timed out

Return of SSH when trying to connect by Mobile Data: (This works as it's not trough Wi-Fi)

OpenSSH_8.6p1, OpenSSL 1.1.1k 25 Mar 2021
debug1: Reading configuration data /data/data/com.termux/files/usr/etc/ssh/ssh_config
debug1: Authenticator provider $SSH_SK_PROVIDER did not resolve; disabling
debug1: Connecting to u-u.monster [185.253.155.236] port 22.
debug1: Connection established.
debug1: identity file /data/data/com.termux/files/home/.ssh/id_rsa type 0
debug1: identity file /data/data/com.termux/files/home/.ssh/id_rsa-cert type -1
debug1: identity file /data/data/com.termux/files/home/.ssh/id_dsa type -1
debug1: identity file /data/data/com.termux/files/home/.ssh/id_dsa-cert type -1
debug1: identity file /data/data/com.termux/files/home/.ssh/id_ecdsa type -1
debug1: identity file /data/data/com.termux/files/home/.ssh/id_ecdsa-cert type -1
debug1: identity file /data/data/com.termux/files/home/.ssh/id_ecdsa_sk type -1
debug1: identity file /data/data/com.termux/files/home/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /data/data/com.termux/files/home/.ssh/id_ed25519 type -1
debug1: identity file /data/data/com.termux/files/home/.ssh/id_ed25519-cert type -1
debug1: identity file /data/data/com.termux/files/home/.ssh/id_ed25519_sk type -1
debug1: identity file /data/data/com.termux/files/home/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /data/data/com.termux/files/home/.ssh/id_xmss type -1
debug1: identity file /data/data/com.termux/files/home/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.6
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.9p1 Debian-10+deb10u2
debug1: compat_banner: match: OpenSSH_7.9p1 Debian-10+deb10u2 pat OpenSSH* compat 0x04000000
debug1: Authenticating to domain.com:22 as ‘admin’
debug1: load_hostkeys: fopen /data/data/com.termux/files/home/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /data/data/com.termux/files/usr/etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /data/data/com.termux/files/usr/etc/ssh/ssh_known_hosts2: No such file or directory
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ssh-ed25519
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: SSH2_MSG_KEX_ECDH_REPLY received
debug1: Server host key: ssh-ed25519 SHA256:+UsoRJPg7pqOz0Ed7THprLgHSaOftnLZx9K+RK4er9k
debug1: load_hostkeys: fopen /data/data/com.termux/files/home/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /data/data/com.termux/files/usr/etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /data/data/com.termux/files/usr/etc/ssh/ssh_known_hosts2: No such file or directory
debug1: Host ‘domain.com’ is known and matches the ED25519 host key.
debug1: Found key in /data/data/com.termux/files/home/.ssh/known_hosts:4
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 134217728 blocks
debug1: Will attempt key: /data/data/com.termux/files/home/.ssh/id_rsa RSA SHA256:gkbJVeuPG13A8SrcRGhVQjJyRXqHhwMkgj0PWdgoA0Q
debug1: Will attempt key: /data/data/com.termux/files/home/.ssh/id_dsa
debug1: Will attempt key: /data/data/com.termux/files/home/.ssh/id_ecdsa
debug1: Will attempt key: /data/data/com.termux/files/home/.ssh/id_ecdsa_sk
debug1: Will attempt key: /data/data/com.termux/files/home/.ssh/id_ed25519
debug1: Will attempt key: /data/data/com.termux/files/home/.ssh/id_ed25519_sk
debug1: Will attempt key: /data/data/com.termux/files/home/.ssh/id_xmss
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering public key: /data/data/com.termux/files/home/.ssh/id_rsa RSA SHA256:
aBhj25nfhTWHMOwh9 t3o23t7mhew9eto23y0weimasu
debug1: Authentications that can continue: publickey,password
debug1: Trying private key: /data/data/com.termux/files/home/.ssh/id_dsa
debug1: Trying private key: /data/data/com.termux/files/home/.ssh/id_ecdsa
debug1: Trying private key: /data/data/com.termux/files/home/.ssh/id_ecdsa_sk
debug1: Trying private key: /data/data/com.termux/files/home/.ssh/id_ed25519
debug1: Trying private key: /data/data/com.termux/files/home/.ssh/id_ed25519_sk
debug1: Trying private key: /data/data/com.termux/files/home/.ssh/id_xmss
debug1: Next authentication method: password
admin@*****.com’s password:

When trying to connect localhost connected to the Wi-Fi it returns:

ssh -v u0_a153@localhost
OpenSSH_8.6p1, OpenSSL 1.1.1k 25 Mar 2021
debug1: Reading configuration data /data/data/com.termux/files/usr/etc/ssh/ssh_config
debug1: Authenticator provider $SSH_SK_PROVIDER did not resolve; disabling
debug1: Connecting to localhost [127.0.0.1] port 22.
debug1: connect to address 127.0.0.1 port 22: Connection refused
ssh: connect to host localhost port 22: Connection refused

Answer 1

I had the exact same issue with the Sercomm FG824CD router form MasMovil. It would connect using ssh from windows, but it would not connect from mac. After close inspection of the ssh -vvvvv, I saw Mac ssh was issuing "debug3: set_sock_tos: set socket 3 IP_TOS 0x10" but windows ssh didn't.

So, it looks like the Sercomm router does not like the flags on TCP ToS enabled, they get filtered or something.

To fix that, you need to configure ssh to not use ToS, which you can do by setting the option ssh -o IPQoS=none host , or you can add that option in your ~/.ssh/config.