[Bug 280036] Data corruption over if_ovpn (OpenVPN DCO) observed

From: <bugzilla-noreply_at_freebsd.org>
Date: Fri, 28 Jun 2024 12:31:50 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=280036

            Bug ID: 280036
           Summary: Data corruption over if_ovpn (OpenVPN DCO) observed
           Product: Base System
           Version: 14.1-RELEASE
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Some People
          Priority: ---
         Component: kern
          Assignee: bugs@FreeBSD.org
          Reporter: 3226388001@jcom.home.ne.jp

Steps to Reproduce:

- Run two instances (Host A and Host B) of FreeBSD using VMware player on
Windows

 Image used:
https://download.freebsd.org/releases/VM-IMAGES/14.1-RELEASE/amd64/Latest/FreeBSD-14.1-RELEASE-amd64.vmdk.xz

  Note: The VM environment (VMware player) is not relevant because this issue
was first found on a physical machine.


- Do basic network config of the hosts (ip address, default gateway etc.)


- Install OpenVPN at each host

 # pkg install openvpn


- Create openvpn config files (they are derivations of
/usr/tests/sys/net/if_ovpn/if_ovpn)

 <Host A openvpn config>

 dev ovpn0
 dev-type tun
 proto udp4

 cipher AES-256-GCM
 auth SHA256

 local 192.168.XXX.YYY
 server 198.51.100.0 255.255.255.0
 ca /usr/tests/sys/net/if_ovpn/ca.crt
 cert /usr/tests/sys/net/if_ovpn/server.crt
 key /usr/tests/sys/net/if_ovpn/server.key
 dh /usr/tests/sys/net/if_ovpn/dh.pem

 mode server
 script-security 2
 auth-user-pass-verify /usr/bin/true via-env
 topology subnet

 keepalive 100 600


 <Host B openvpn config>

 dev tun0
 dev-type tun

 client

 remote 192.168.XXX.YYY
 auth-user-pass /usr/tests/sys/net/if_ovpn/user.pass

 ca /usr/tests/sys/net/if_ovpn/ca.crt
 cert /usr/tests/sys/net/if_ovpn/client.crt
 key /usr/tests/sys/net/if_ovpn/client.key
 dh /usr/tests/sys/net/if_ovpn/dh.pem

 keepalive 100 600


- Prepare Host A

  ** adduser (USERNAME)

  ** edit /etc/inetd.conf and enable ftpd.

    # /etc/rc.d/inetd onestart
    Starting inetd.

    Note: this issue is not specific to ftp. This is just for a simple test.

  ** start openvpn

    # openvpn --config HOST_A_CONFIG_FILE



- Test at Host B

  ** start openvpn

    # openvpn --config HOST_B_CONFIG_FILE &

  ** prepare test data

    # dd if=/dev/random bs=1M count=100 of=randomfile

  ** transfer data over if_ovpn (put and get back)

    # ftp 198.51.100.1
    Connected to 198.51.100.1.
    220 freebsd FTP server (Version 6.00LS) ready.
    Name (198.51.100.1:root): USERNAME
    331 Password required for USERNAME.
    Password:
    230 User USERNAME logged in.
    Remote system type is UNIX.
    Using binary mode to transfer files.

    ftp> put randomfile
    local: randomfile remote: randomfile
    229 Entering Extended Passive Mode (|||50636|)
    150 Opening BINARY mode data connection for 'randomfile'.
    100% |********************************************************************************************************|   100 MiB   22.87 MiB/s    00:00 ETA
    226 Transfer complete.
    104857600 bytes sent in 00:04 (22.80 MiB/s)

    ftp> get randomfile randomfile.returned
    local: randomfile.returned remote: randomfile
    229 Entering Extended Passive Mode (|||58633|)
    150 Opening BINARY mode data connection for 'randomfile' (104857600 bytes).
    100% |********************************************************************************************************|   100 MiB   25.26 MiB/s    00:00 ETA
    226 Transfer complete.
    104857600 bytes received in 00:03 (25.26 MiB/s)

    ftp> bye
    221 Goodbye.

  ** compare the files

    # diff randomfile randomfile.returned
    Binary files randomfile and randomfile.returned differ

    # ll randomfile*
    -rw-r--r--  1 root wheel 104857600 Jun 28 20:18 randomfile
    -rw-r--r--  1 root wheel 104857600 Jun 28 20:19 randomfile.returned

    # md5sum randomfile*
    8008cf7f76ea6b1b3f8a85030f226ec9  randomfile
    f2c09d5bf4891e82bd38d8af7c2775b7  randomfile.returned

    Note: The larger the file, the higher the chance of data corruption.

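The diff and md5sum comparison in the report shows only that the two files differ. The following is an added example, not part of the original report, that lists the offset and length of each differing region between `randomfile` and `randomfile.returned`; the function name `diff_runs` and the `gap` merge threshold are choices made for this example.

```python
"""Locate the differing regions of two files (added example, not from the report)."""
import sys


def diff_runs(path_a, path_b, chunk=1 << 20, gap=0):
    """Return [(offset, length), ...] for each region where the files differ.

    Differing bytes separated by at most `gap` equal bytes are merged into one
    region, since random test data can match by chance inside a damaged span.
    A length mismatch is reported as a final region covering the missing tail.
    """
    runs = []

    def add(pos, length):
        if runs and pos - (runs[-1][0] + runs[-1][1]) <= gap:
            runs[-1][1] = pos + length - runs[-1][0]   # extend previous region
        else:
            runs.append([pos, length])

    offset = 0
    with open(path_a, "rb") as fa, open(path_b, "rb") as fb:
        while True:
            a, b = fa.read(chunk), fb.read(chunk)
            if not a and not b:
                break
            n = min(len(a), len(b))
            if a[:n] != b[:n]:                 # identical chunks are skipped cheaply
                for i in range(n):
                    if a[i] != b[i]:
                        add(offset + i, 1)
            if len(a) != len(b):               # one file ended before the other
                add(offset + n, abs(len(a) - len(b)))
            offset += max(len(a), len(b))
    return [tuple(r) for r in runs]


if __name__ == "__main__":
    # Usage: python3 diff_runs.py randomfile randomfile.returned
    regions = diff_runs(sys.argv[1], sys.argv[2], gap=16)  # gap=16 is an arbitrary choice
    for off, length in regions:
        print(f"offset {off:#010x} ({off}): {length} bytes")
    print(f"{len(regions)} region(s), {sum(n for _, n in regions)} bytes spanned")
```
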