[Bug 817152] New: openconnect frequently drops connection
https://bugzilla.novell.com/show_bug.cgi?id=817152 https://bugzilla.novell.com/show_bug.cgi?id=817152#c0 Summary: openconnect frequently drops connection Classification: openSUSE Product: openSUSE 12.3 Version: Final Platform: x86-64 OS/Version: openSUSE 12.3 Status: NEW Severity: Major Priority: P5 - None Component: Network AssignedTo: bnc-team-screening@forge.provo.novell.com ReportedBy: zadeck@naturalbridge.com QAContact: qa-bugs@suse.de Found By: --- Blocker: --- User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:20.0) Gecko/20100101 Firefox/20.0 openconnect frequently drops the connection. This appears to be related to the kind of traffic sent along the line. it can stay up for days doing certain kinds of traffic, but will reliably fail for others, such as doing "rsync -arvz" of a git repository. There are many other kinds of traffic that this fails with, but this kind of traffic is pretty easy to reproduce. the tail of my /var/log/messages file contains 2013-04-25T08:14:20.512159-04:00 moria openconnect[8282]: DTLS handshake failed: 1 2013-04-25T08:14:20.512683-04:00 moria openconnect[8282]: 140662808966888:error:14102410:SSL routines:DTLS1_READ_BYTES:sslv3 alert handshake failure:d1_pkt.c:1166:SSL alert number 40 2013-04-25T08:15:40.961482-04:00 moria openconnect[8282]: DTLS handshake failed: 1 2013-04-25T08:15:40.962343-04:00 moria openconnect[8282]: 140662808966888:error:14102410:SSL routines:DTLS1_READ_BYTES:sslv3 alert handshake failure:d1_pkt.c:1166:SSL alert number 40 if there is some other logging i can turn on and get to you, send directions. Reproducible: Always Steps to Reproduce: 1.use networkmanager openconnect to connect to your vpn 2.do an rsync -arvz some git repo to a remote machine. 3.wait for the crash. Actual Results: the above is everything i know. Expected Results: not dropped the connections -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=817152 https://bugzilla.novell.com/show_bug.cgi?id=817152#c1 --- Comment #1 from kenneth zadeck <zadeck@naturalbridge.com> 2013-04-25 12:29:31 UTC --- I also have an ubuntu 12-4 system that i use to connect to the same vpn. it works fine. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=817152 https://bugzilla.novell.com/show_bug.cgi?id=817152#c2 Robert Munteanu <robert.munteanu@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |robert.munteanu@gmail.com --- Comment #2 from Robert Munteanu <robert.munteanu@gmail.com> 2013-04-29 20:39:31 UTC --- I have the same problem. Basically openconnect is broken for 12.3 . The error message that I get is Connected tun0 as x.x.x.x using SSL DTLS handshake failed: 2 SSL wrote too few bytes! Asked for 1363, sent 0 Send BYE packet: Internal error SSL_write failed: 1 140729520527080:error:1409F07F:SSL routines:SSL3_WRITE_PENDING:bad write retry:s3_pkt.c:871: Fedora has tracked this bug at https://bugzilla.redhat.com/show_bug.cgi?id=845636 and the upstream fix seems to be http://git.infradead.org/users/dwmw2/openconnect.git/commit/fddb099d9f6c25d5... . Please considering applying the patch and releasing an update. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=817152 https://bugzilla.novell.com/show_bug.cgi?id=817152#c3 --- Comment #3 from Robert Munteanu <robert.munteanu@gmail.com> 2013-04-29 21:28:30 UTC --- Upgraded OpenConnect to 4.09 with https://build.opensuse.org/request/show/173851 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=817152 https://bugzilla.novell.com/show_bug.cgi?id=817152#c4 --- Comment #4 from Bernhard Wiedemann <bwiedemann@suse.com> 2013-04-30 14:00:08 CEST --- This is an autogenerated message for OBS integration: This bug (817152) was mentioned in https://build.opensuse.org/request/show/173942 Factory / openconnect -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=817152 https://bugzilla.novell.com/show_bug.cgi?id=817152#c5 --- Comment #5 from Bernhard Wiedemann <bwiedemann@suse.com> 2013-05-02 13:00:06 CEST --- This is an autogenerated message for OBS integration: This bug (817152) was mentioned in https://build.opensuse.org/request/show/174272 Maintenance / -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=817152 https://bugzilla.novell.com/show_bug.cgi?id=817152#c Swamp Workflow Management <swamp@suse.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Status Whiteboard| |obs:running:1657:moderate -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=817152 https://bugzilla.novell.com/show_bug.cgi?id=817152#c Swamp Workflow Management <swamp@suse.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Status Whiteboard|obs:running:1657:moderate | -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=817152 https://bugzilla.novell.com/show_bug.cgi?id=817152#c6 Ye Yuan <yyuan@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |yyuan@suse.com AssignedTo|bnc-team-screening@forge.pr |bili@suse.com |ovo.novell.com | --- Comment #6 from Ye Yuan <yyuan@suse.com> 2013-05-29 04:44:46 UTC --- Bin, I guess you can take a look at it, if not please feel free to kick it back, thank you! -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=817152 https://bugzilla.novell.com/show_bug.cgi?id=817152#c7 Michael Karbach <michael@karbach.org> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |michael@karbach.org --- Comment #7 from Michael Karbach <michael@karbach.org> 2013-05-30 12:00:59 UTC --- Same problem for me! Also after upgrading to tumbleweed for networkmamnager and related components. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=817152 https://bugzilla.novell.com/show_bug.cgi?id=817152#c8 Robert Munteanu <robert.munteanu@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |FIXED --- Comment #8 from Robert Munteanu <robert.munteanu@gmail.com> 2013-05-30 12:15:42 UTC --- An update was delivered for 12.3 ( I'm running it ) and it definitely landed in Factory. I guess you need to ask greg k-h for inclusion in TW. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=817152 https://bugzilla.novell.com/show_bug.cgi?id=817152#c9 --- Comment #9 from kenneth zadeck <zadeck@naturalbridge.com> 2013-05-30 21:45:50 UTC --- This fix works for me. thanks. kenny -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=817152 https://bugzilla.novell.com/show_bug.cgi?id=817152#c10 --- Comment #10 from Michael Karbach <michael@karbach.org> 2013-05-31 06:13:34 UTC --- Sorry, could you point me please to the repro or the rpm-file? I Do not find openconnect-4.09. I only found older versions (4.08): http://download.opensuse.org/repositories/network/openSUSE_Factory/x86_64/ http://download.opensuse.org/factory/repo/oss/suse/x86_64/ Thanks -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=817152 https://bugzilla.novell.com/show_bug.cgi?id=817152#c11 --- Comment #11 from Robert Munteanu <robert.munteanu@gmail.com> 2013-05-31 11:32:48 UTC --- Sorry, I meant to say 4.08. There is no 4.09 version. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=817152 https://bugzilla.novell.com/show_bug.cgi?id=817152#c12 --- Comment #12 from kenneth zadeck <zadeck@naturalbridge.com> 2013-05-31 11:50:47 UTC --- the version that you get from doing an software update works just fine. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=817152 https://bugzilla.novell.com/show_bug.cgi?id=817152#c13 --- Comment #13 from Michael Karbach <michael@karbach.org> 2013-05-31 11:59:17 UTC --- You mean version: 4.08-3.4.1? Unfortunately not for me, I still get openconnect[13847]: Attempting to connect to server 132.195.255.198:443 openconnect[13847]: SSL negotiation with vpn.uni-wuppertal.de openconnect[13847]: Connected to HTTPS on vpn.uni-wuppertal.de openconnect[13847]: Got CONNECT response: HTTP/1.1 200 OK openconnect[13847]: CSTP connected. DPD 30, Keepalive 20 openconnect[13847]: Connected vpn0 as 132.195.118.202, using SSL + deflate .... openconnect[13847]: DTLS handshake failed: 2 openconnect[13847]: DTLS handshake failed: 1 openconnect[13847]: 140086103422696:error:14102410:SSL routines:DTLS1_READ_BYTES:sslv3 alert handshake failure:d1_pkt.c:1166:SSL alert number 40 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=817152 https://bugzilla.novell.com/show_bug.cgi?id=817152#c14 --- Comment #14 from kenneth zadeck <zadeck@naturalbridge.com> 2013-05-31 12:11:09 UTC --- It is possible that there was more than one bug buried here and the update only fixed the first one. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=817152 https://bugzilla.novell.com/show_bug.cgi?id=817152#c15 --- Comment #15 from Robert Munteanu <robert.munteanu@gmail.com> 2013-05-31 12:15:20 UTC --- (In reply to comment #13)
You mean version: 4.08-3.4.1? Unfortunately not for me, I still get
openconnect[13847]: Attempting to connect to server 132.195.255.198:443 openconnect[13847]: SSL negotiation with vpn.uni-wuppertal.de openconnect[13847]: Connected to HTTPS on vpn.uni-wuppertal.de openconnect[13847]: Got CONNECT response: HTTP/1.1 200 OK openconnect[13847]: CSTP connected. DPD 30, Keepalive 20 openconnect[13847]: Connected vpn0 as 132.195.118.202, using SSL + deflate .... openconnect[13847]: DTLS handshake failed: 2 openconnect[13847]: DTLS handshake failed: 1 openconnect[13847]: 140086103422696:error:14102410:SSL routines:DTLS1_READ_BYTES:sslv3 alert handshake failure:d1_pkt.c:1166:SSL alert number 40
Then please file a bug upstream and link it back here. I'm not sure what the problem is in your case. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=817152 https://bugzilla.novell.com/show_bug.cgi?id=817152#c16 --- Comment #16 from Michael Karbach <michael@karbach.org> 2013-05-31 12:33:12 UTC --- OK, thanks, done: https://bugzilla.novell.com/show_bug.cgi?id=822642 Michael -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=817152 https://bugzilla.novell.com/show_bug.cgi?id=817152#c17 --- Comment #17 from Swamp Workflow Management <swamp@suse.de> 2013-06-10 10:27:27 UTC --- openSUSE-SU-2013:0979-1: An update that fixes one vulnerability is now available. Category: security (moderate) Bug References: 817152 CVE References: CVE-2012-6128 Sources used: openSUSE 12.3 (src): openconnect-4.08-3.4.1 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@novell.com