[Bug 266598] if_ovpn(4) DCO module not supporting correctly IPv6 tunneling

In reply to: bugzilla-noreply_a_freebsd.org: "[Bug 266598] if_ovpn(4) DCO module not supporting correctly IPv6 tunneling"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: <bugzilla-noreply_at_freebsd.org>
Date: Mon, 26 Sep 2022 06:38:41 UTC

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=266598

--- Comment #3 from Gert Doering <gert@greenie.muc.de> ---
I can not reproduce the tcpdump issue, but I can reproduce the SSH stall.

Setup:
 - OpenVPN Client with Linux-DCO, Server with FreeBSD-DCO.
 - SSH client on the Linux side, SSH server on the FreeBSD side
 - tcpdump running on both tunnel sides
 - initial SSH handshake passes, then

08:32:25.353401 IP6 fd00:abcd:114:2::1.22 > fd00:abcd:114:2::1001.54728: Flags
[P.], seq 2627:2671, ack 2086, win 1042, options [nop,nop,TS val 3092511785 ecr
3727979942], length 44
08:32:25.353420 IP6 fd00:abcd:114:2::1001.54728 > fd00:abcd:114:2::1.22: Flags
[.], ack 2671, win 501, options [nop,nop,TS val 3727979943 ecr 3092511785],
length 0
08:32:25.354086 IP6 fd00:abcd:114:2::1001.54728 > fd00:abcd:114:2::1.22: Flags
[P.], seq 2086:2642, ack 2671, win 501, options [nop,nop,TS val 3727979944 ecr
3092511785], length 556
08:32:25.564213 IP6 fd00:abcd:114:2::1001.54728 > fd00:abcd:114:2::1.22: Flags
[P.], seq 2086:2642, ack 2671, win 501, options [nop,nop,TS val 3727980154 ecr
3092511785], length 556
08:32:25.776229 IP6 fd00:abcd:114:2::1001.54728 > fd00:abcd:114:2::1.22: Flags
[P.], seq 2086:2642, ack 2671, win 501, options [nop,nop,TS val 3727980366 ecr
3092511785], length 556
...
08:34:15.540211 IP6 fd00:abcd:114:2::1001.54728 > fd00:abcd:114:2::1.22: Flags
[P.], seq 2086:2642, ack 2671, win 501, options [nop,nop,TS val 3728090130 ecr
3092511785], length 556

a 556 byte packet gets "stuck" - this is seen on the client side tcpdump, but
never show up on the server side tcpdump.

The initial handshake up to the "length 44" and "length 0" byte packets ARE
seen on the server side tcpdump, so generally, tcpdump is working fine:

08:32:25.352754 IP6 fd00:abcd:114:2::1.22 > fd00:abcd:114:2::1001.54728: Flags
[P.], seq 2627:2671, ack 2086, win 1042, options [nop,nop,TS val 3092511785 ecr
3727979942], length 44
08:32:25.353596 IP6 fd00:abcd:114:2::1001.54728 > fd00:abcd:114:2::1.22: Flags
[.], ack 2671, win 501, options [nop,nop,TS val 3727979943 ecr 3092511785],
length 0

This does not look related to MTU/MSS (FreeBSD DCO seems to do mssfix just
fine, I see packets coming out with mss 1360 - which is fine) - especially as
the packet that is eaten is small anyway.

-- 
You are receiving this mail because:
You are the assignee for the bug.