[Bug 742759] New: Https connection problems with active openvp tunnel
https://bugzilla.novell.com/show_bug.cgi?id=742759 https://bugzilla.novell.com/show_bug.cgi?id=742759#c0 Summary: Https connection problems with active openvp tunnel Classification: openSUSE Product: openSUSE 12.1 Version: Final Platform: x86-64 OS/Version: SuSE Other Status: NEW Severity: Major Priority: P5 - None Component: Network AssignedTo: bnc-team-screening@forge.provo.novell.com ReportedBy: knuckster@gmail.com QAContact: qa@suse.de Found By: --- Blocker: --- User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:9.0.1) Gecko/20100101 Firefox/9.0.1 When I connect to my corporate VPN server with NetworkManager and openvpn no https connections work anymore. All software becomes unable to receive or send data through https protocol - be it a browser or a svn client. It does not depend on whether the remote host is located in my private network or on the public Internet. Http works fine anywhere though. This is definitely related to openvpn and NetworkManager since when I disconnect from the VPN server https starts working again. I connect to the Internet through a Wi-Fi router. I tried to turn off the firewall on my machine - no effect. The problem is reproduced not in 100% of the cases but still very often. My VPN connection properties are following: TLS certificate with with a password protected private key. The cypher is AES-128-CBC. I use openSuse-12.1, Gnome-3.2, NetworkManager-0.9.1.90, NetworkManager-openvpn-0.9.0. Reproducible: Sometimes Steps to Reproduce: 1. Establish a VPN connection to an openvpn server 2. Try to send something through https Actual Results: Https connections are cut off. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=742759 https://bugzilla.novell.com/show_bug.cgi?id=742759#c1 --- Comment #1 from Max Breev <knuckster@gmail.com> 2012-01-21 23:02:57 UTC --- I forgot to mention that it looks as if network packets were getting stuck somewhere - connection timeouts occur. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=742759 https://bugzilla.novell.com/show_bug.cgi?id=742759#c2 Dirk Mueller <dmueller@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |NEEDINFO CC| |dmueller@suse.com InfoProvider| |knuckster@gmail.com --- Comment #2 from Dirk Mueller <dmueller@suse.com> 2012-01-23 22:07:17 CET --- does it work if you do "ip link set tun0 mtu 1000" ? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=742759 https://bugzilla.novell.com/show_bug.cgi?id=742759#c3 --- Comment #3 from Max Breev <knuckster@gmail.com> 2012-01-23 21:48:45 UTC --- (In reply to comment #2)
does it work if you do "ip link set tun0 mtu 1000" ?
Yes! That helped. Except the device was tap0, not tun0. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=742759 https://bugzilla.novell.com/show_bug.cgi?id=742759#c4 --- Comment #4 from Max Breev <knuckster@gmail.com> 2012-01-23 22:14:22 UTC --- I turns out, my Wi-Fi router supports only 1400 MTU for some reason. I think this is the cause of the problem. Thank you very much. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=742759 https://bugzilla.novell.com/show_bug.cgi?id=742759#c5 Dirk Mueller <dmueller@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |NEW InfoProvider|knuckster@gmail.com | AssignedTo|bnc-team-screening@forge.pr |vuntz@suse.com |ovo.novell.com | --- Comment #5 from Dirk Mueller <dmueller@suse.com> 2012-01-24 01:42:14 CET --- thats normal, openvpn adds additonal bytes, and DSL has a hard limit at a frame size of 14xx (I think 1492) bytes. if there is no config option to set the MTU in the NM plugin, perhaps it should be set by default. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=742759 https://bugzilla.novell.com/show_bug.cgi?id=742759#c6 Vincent Untz <vuntz@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |NEEDINFO InfoProvider| |knuckster@gmail.com --- Comment #6 from Vincent Untz <vuntz@suse.com> 2012-01-24 07:15:38 UTC --- There's a MTU option, visible in nm-connection-editor. Can you try it out? (VPN tab, advanced button, General tab) -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=742759 https://bugzilla.novell.com/show_bug.cgi?id=742759#c7 --- Comment #7 from Max Breev <knuckster@gmail.com> 2012-01-24 12:50:52 UTC --- (In reply to comment #6)
There's a MTU option, visible in nm-connection-editor. Can you try it out? (VPN tab, advanced button, General tab) Yes, that did the thing. Though it would be nice, if it was a default "auto" option, which could perform MTU discovery automagically?
-- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=742759 https://bugzilla.novell.com/show_bug.cgi?id=742759#c8 Vincent Untz <vuntz@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |RESOLVED InfoProvider|knuckster@gmail.com | Resolution| |UPSTREAM --- Comment #8 from Vincent Untz <vuntz@suse.com> 2012-01-24 13:13:16 UTC --- I'm not even sure something like "auto" would be possible for the VPN. In any case, that would have to be first done in openvpn. Feel free to file a bug upstream for that. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=742759 https://bugzilla.novell.com/show_bug.cgi?id=742759#c9 --- Comment #9 from Max Breev <knuckster@gmail.com> 2012-01-24 13:58:13 UTC --- OK. Thanks anyway. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@novell.com