[Bug 255497] net/wireguard-kmod (0.0.20210424_1)

bugzilla-noreply at freebsd.org bugzilla-noreply at freebsd.org
Thu Apr 29 18:48:45 UTC 2021 

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=255497

            Bug ID: 255497
           Summary: net/wireguard-kmod (0.0.20210424_1)
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: Individual Port(s)
          Assignee: decke at FreeBSD.org
          Reporter: oleg at pcbtech.ru
          Assignee: decke at FreeBSD.org
             Flags: maintainer-feedback?(decke at FreeBSD.org)

Hi all,

I've to report a bug in wiregaurd-kmod. Here's my system:

FreeBSD `hostname` 13.0-RELEASE FreeBSD 13.0-RELEASE #0
releng/13.0-n244733-ea31abc261f: Fri Apr  9 04:24:09 UTC 2021    
root at releng1.nyi.freebsd.org:/usr/obj/usr/src/amd64.amd64/sys/GENERIC  amd64

latest binary update, gitup'd latest release/13.0 src & ports.

After update to wireguard-kmod-0.0.20210424_1 data going through vpn channel
was dropped partly. It happened if the size of session is larger than megabyte,
so the ping works well - that's why I detected it after some time: my clients
started to worry that theirs mail (smtp via wg0) are tampered while sending -
the pictures got artifacts, archives came broken etc. At first, I've told'em to
stop whinning and stop using m$ software as I several million times alreday
recommend before =)) But in parallel I started to check things on the servers,
just to asure myself, and the first simple test fails =(

[host] /home/user $ scp -p /tmp/k.zip user at 192.168.x.y:/tmp/
Password for user at host:
k.zip                   3%    0     5.5MB/s   00:10 ETAFssh_packet_write_wait:
Connection to 192.168.x.y port 22: Broken pipe
lost connection

... again with verbose info:

[host] /home/user $ scp -vp /tmp/k.zip user at 192.168.x.y:/tmp/
Executing: program /usr/bin/ssh host 192.168.x.y, user user, command scp -v -p
-t /tmp/
OpenSSH_7.9p1, OpenSSL 1.1.1k-freebsd  25 Mar 2021
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to 192.168.x.y [192.168.x.y] port 22.
debug1: Connection established.
debug1: identity file /root/.ssh/id_rsa type -1
debug1: identity file /root/.ssh/id_rsa-cert type -1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: identity file /root/.ssh/id_dsa-cert type -1
debug1: identity file /root/.ssh/id_ecdsa type -1
debug1: identity file /root/.ssh/id_ecdsa-cert type -1
debug1: identity file /root/.ssh/id_ed25519 type 3
debug1: identity file /root/.ssh/id_ed25519-cert type -1
debug1: identity file /root/.ssh/id_xmss type -1
debug1: identity file /root/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.9 FreeBSD-20200214
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.9
FreeBSD-20200214
debug1: match: OpenSSH_7.9 FreeBSD-20200214 pat OpenSSH* compat 0x04000000
debug1: Authenticating to 192.168.x.y:22 as 'user'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305 at openssh.com MAC:
<implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305 at openssh.com MAC:
<implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256
SHA256:nA1uA8Ii0BI3oMOZRjjrdJOp3Jo1voo7EGv6h45ZXJ8
debug1: skipped DNS lookup for numerical hostname
debug1: Host '192.168.x.y' is known and matches the ECDSA host key.
debug1: Found key in /root/.ssh/known_hosts:10
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 134217728 blocks
debug1: Will attempt key: /root/.ssh/id_rsa 
debug1: Will attempt key: /root/.ssh/id_dsa 
debug1: Will attempt key: /root/.ssh/id_ecdsa 
debug1: Will attempt key: /root/.ssh/id_ed25519 ED25519 SHA256:..xxx...
debug1: Will attempt key: /root/.ssh/id_xmss 
debug1: SSH2_MSG_EXT_INFO received
debug1: Fssh_kex_input_ext_info:
server-sig-algs=<ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Trying private key: /root/.ssh/id_rsa
debug1: Trying private key: /root/.ssh/id_dsa
debug1: Trying private key: /root/.ssh/id_ecdsa
debug1: Offering public key: /root/.ssh/id_ed25519 ED25519 SHA256:..xxx...
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Trying private key: /root/.ssh/id_xmss
debug1: Next authentication method: keyboard-interactive
Password for user at host:
debug1: Authentication succeeded (keyboard-interactive).
Authenticated to 192.168.x.y ([192.168.x.y]:22).
debug1: channel 0: new [client-session]
debug1: Requesting no-more-sessions at o.com
debug1: Entering interactive session.
debug1: pledge: network
debug1: client_input_global_request: rtype hostkeys-00 at openssh.com want_reply 0
debug1: Sending command: scp -v -p -t /tmp/
File mtime 1619619978 atime 1619619968
Sending file timestamps: T1619619978 0 1619619968 0
Sink: T1619619978 0 1619619968 0
Sending file modes: C0644 59681372 k.zip
Sink: C0644 59681372 k.zip
k.zip                   0%    0     0.0KB/s   --:-- ETAFssh_packet_write_wait:
Connection to 192.168.x.y port 22: Broken pipe
lost connection

Re-installation & restart of wireguard-kmod-0.0.20210424_1

$ scp -p /tmp/k.zip user at 192.168.x.y:/tmp/
Password for user at host:
k.zip                   0%    0     0.0KB/s   --:-- ETAFssh_packet_write_wait:
Connection to 192.168.x.y port 22: Broken pipe

$ scp -p /tmp/k.zip user at 192.168.x.y:/tmp/
k.zip                   18%   11MB   5.2MB/s   00:08 ETAFssh_packet_write_wait:
Connection to 192.168.x.y port 22: Broken pipe
lost connection

Then I downgraded to previous build,

===>>> Upgrade of wireguard-kmod-0.0.20210424_1 to wireguard-kmod-0.0.20210415
complete

and since then everуthing was correct (I also checked it w/ checksum, copied
different files, etc.):

$ scp -p /tmp/k.zip user at 192.168.x.y:/tmp/
Password for user at host:
k.zip                   100%   57MB   4.5MB/s   00:12

The other side is FreeBSD 12.2-RELEASE-p6 i386, latest binary update, gitup'd
ports & src, wireguard-kmod-0.0.20210424_1 works good, as well as previous
build - here everething seens to be ok on any build number

update: on the other size (12.2) there's a dovecot pop3 server and, in spite
the fact that file scp'ing well, my clients had errors with
wireguard-kmod-0.0.20210424_1: if mail is more than a couple of megabytes, some
attachments are broken (see above). I downgraded it to
wireguard-kmod-0.0.20210415 too and the problem seems to stop.

-- 
You are receiving this mail because:
You are the assignee for the bug.

More information about the freebsd-ports-bugs mailing list