| Summary: | net-misc/vpnc doesn't work properly with gentoo-sources-2.6.38 | ||
|---|---|---|---|
| Product: | Gentoo Linux | Reporter: | Eugene <Johnbat26> |
| Component: | [OLD] Core system | Assignee: | Lori <lori> |
| Status: | RESOLVED FIXED | ||
| Severity: | critical | CC: | fauli, mmokrejs |
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | AMD64 | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Package list: | Runtime testing required: | --- | |
| Attachments: |
My gentoo-sources-2.6.38 config
My kernel 2.6.37 config Wireshark screenshot for wget My emerge --info Http over vpnc don't work |
||
Created attachment 267351 [details]
My gentoo-sources-2.6.38 config
My gentoo-sources-2.6.38 config
Created attachment 267353 [details]
My kernel 2.6.37 config
My kernel 2.6.37 config
I couldn't reproduce the bug neither on my desktop, nor on my laptop with gentoo-sources-2.6.38 using my own configs. top, mc, and http all work over the VPN. I will take a look at you config, see if with minor changes to support my hardware I can reproduce the bug. (In reply to comment #0) > But if I invoke mc or top at remote server, then my screen becomes black ant > console hungs. I fear it has to do with your ncurses or slang library. Was that updated meanwhile? Re-run revdep-rebuild, and try to downgrade these to the previous versions if they got updated during your 2.6.37 to 2.6.38 transition if revdep-rebuild does not help. > If remote server is http server then I can't open page from browser. Firefox > wait answer from remote server. Can you fetch the webpage using wget? Any errors in apache errorlog? I try to use wget to get http page: ----------------------- LC_ALL=C wget http://172.20.1.1/tve --2011-03-30 22:23:17-- http://172.20.1.1/tve Connecting to 172.20.1.1:80... connected. HTTP request sent, awaiting response... 301 Moved Permanently Location: http://172.20.1.1/tve/ [following] --2011-03-30 22:23:17-- http://172.20.1.1/tve/ Reusing existing connection to 172.20.1.1:80. HTTP request sent, awaiting response... ------------------------- It don't work (. --------- I rebuild ncurses and slang and do revdep-rebuild. Problem exists. ( ------------ [U] sys-libs/ncurses Available versions: (5) 5.6-r2 5.7-r3 (~)5.7-r5 (~)5.7-r6{tbz2} (~)5.7-r7 (~)5.8 {ada +cxx debug doc gpm minimal nocxx profile static-libs trace unicode} Installed versions: 5.7-r3(5)(21:39:37 30.03.2011)(cxx gpm unicode -ada -debug -doc -minimal -profile -trace) Homepage: http://www.gnu.org/software/ncurses/ http://dickey.his.com/ncurses/ Description: console display library ------------ [I] sys-libs/slang Available versions: 2.2.2 (~)2.2.3{tbz2} {cjk pcre png readline zlib} Installed versions: 2.2.3{tbz2}(22:22:30 30.03.2011)(pcre png readline zlib -cjk) Homepage: http://www.jedsoft.org/slang/ Description: A multi-platform programmer's library designed to allow a developer to create robust software ------------- Created attachment 267875 [details]
Wireshark screenshot for wget
Created attachment 267877 [details]
My emerge --info
It looks like for small transfers, which means small packets, the packets go through: ssh login, HTTP redirect response. However, when you have larger packets, caused by running top or mc, or receiving a full web page, the responses get blocked. Could it be an MTU issue? Can you capture on both your machine and 172.20.1.1 with Wireshark, to see that the responses are generated? I rebuild all world. And under 2.6.38 vpnc don't work properly. But under 2.6.37 vpnc works OK. I understand nothing. ssh connect success. But when I type 'top' command my console hangs! In browser http site don't open! Please, help me with the Problem. Unfortunately I don't have access currently to an x86_64 machine to try to reproduce the bug with your .config file. Could you take a look to see if this happens with the other versions of vpnc in the tree? =net-misc/vpnc-0.5.3 =net-misc/vpnc-0.5.3_p451 Additionally, could you try compiling from the SVN version of vpnc from source: http://svn.unix-ag.uni-kl.de/vpnc/ Please post the output of after the VPN is established: /sbin/ifconfig | grep tun0 -A8 [If the tunnel device created by vpnc is not tun0, change accordingly] My uname -a
Linux dragon 2.6.38-gentoo #1 SMP PREEMPT Sat Apr 16 23:51:20 MSD 2011 x86_64 Intel(R) Core(TM)2 CPU T7200 @ 2.00GHz GenuineIntel GNU/Linux
-------------
vpnc --version (FROM SVN)
vpnc version 0.5.3-457
Copyright (C) 2002-2006 Geoffrey Keating, Maurice Massar, others
vpnc comes with NO WARRANTY, to the extent permitted by law.
You may redistribute copies of vpnc under the terms of the GNU General
Public License. For more information about these matters, see the files
named COPYING.
Built with certificate support.
Supported DH-Groups: nopfs dh1 dh2 dh5
Supported Hash-Methods: md5 sha1
Supported Encryptions: null des 3des aes128 aes192 aes256
Supported Auth-Methods: psk psk+xauth hybrid(rsa)
--------------
/sbin/ifconfig | grep tun0 -A8
tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:89.175.77.202 P-t-P:89.175.77.202 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:500
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
-------------
I attached new tcp dump with don't work http over vpnc.
Created attachment 270299 [details]
Http over vpnc don't work
tun: Universal TUN/TAP device driver, 1.6 tun: (C) 1999-2004 Max Krasnyansky <maxk@qualcomm.com> device tun0 entered promiscuous mode device tun0 left promiscuous mode lspci 00:00.0 Host bridge: Intel Corporation Mobile 945GM/PM/GMS, 943/940GML and 945GT Express Memory Controller Hub (rev 03) 00:01.0 PCI bridge: Intel Corporation Mobile 945GM/PM/GMS, 943/940GML and 945GT Express PCI Express Root Port (rev 03) 00:1b.0 Audio device: Intel Corporation N10/ICH 7 Family High Definition Audio Controller (rev 01) 00:1c.0 PCI bridge: Intel Corporation N10/ICH 7 Family PCI Express Port 1 (rev 01) 00:1c.1 PCI bridge: Intel Corporation N10/ICH 7 Family PCI Express Port 2 (rev 01) 00:1c.3 PCI bridge: Intel Corporation N10/ICH 7 Family PCI Express Port 4 (rev 01) 00:1d.0 USB Controller: Intel Corporation N10/ICH 7 Family USB UHCI Controller #1 (rev 01) 00:1d.1 USB Controller: Intel Corporation N10/ICH 7 Family USB UHCI Controller #2 (rev 01) 00:1d.2 USB Controller: Intel Corporation N10/ICH 7 Family USB UHCI Controller #3 (rev 01) 00:1d.3 USB Controller: Intel Corporation N10/ICH 7 Family USB UHCI Controller #4 (rev 01) 00:1d.7 USB Controller: Intel Corporation N10/ICH 7 Family USB2 EHCI Controller (rev 01) 00:1e.0 PCI bridge: Intel Corporation 82801 Mobile PCI Bridge (rev e1) 00:1f.0 ISA bridge: Intel Corporation 82801GBM (ICH7-M) LPC Interface Bridge (rev 01) 00:1f.2 IDE interface: Intel Corporation 82801GBM/GHM (ICH7 Family) SATA IDE Controller (rev 01) 00:1f.3 SMBus: Intel Corporation N10/ICH 7 Family SMBus Controller (rev 01) 01:00.0 VGA compatible controller: nVidia Corporation G71 [GeForce Go 7900 GS] (rev a1) 03:00.0 Ethernet controller: Broadcom Corporation BCM4401-B0 100Base-TX (rev 02) 03:01.0 FireWire (IEEE 1394): Ricoh Co Ltd R5C832 IEEE 1394 Controller 03:01.1 SD Host controller: Ricoh Co Ltd R5C822 SD/SDIO/MMC/MS/MSPro Host Adapter (rev 19) 03:01.2 System peripheral: Ricoh Co Ltd R5C592 Memory Stick Bus Host Adapter (rev 0a) 03:01.3 System peripheral: Ricoh Co Ltd xD-Picture Card Controller (rev 05) 0c:00.0 Network controller: Intel Corporation PRO/Wireless 3945ABG [Golan] Network Connection (rev 02) (In reply to comment #11) [...] > /sbin/ifconfig | grep tun0 -A8 > tun0 Link encap:UNSPEC HWaddr > 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 > inet addr:89.175.77.202 P-t-P:89.175.77.202 Mask:255.255.255.255 > UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1 > RX packets:0 errors:0 dropped:0 overruns:0 frame:0 > TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 > collisions:0 txqueuelen:500 > RX bytes:0 (0.0 B) TX bytes:0 (0.0 B) Just to eliminate potential MTU issues (I don't think this is the cause), try manually lowering MTU on the tunnel interface after vpnc is started: ifconfig tun0 mtu 1412 I put 1412 here because that's what I get by default, but you could try lower values as well, maybe down to 1280. I set MTU =1300 and vpnc works excellent now under 3.8.38. Thanks for support. RESOLVED |
I have updated to gentoo-sources-2.6.38. All works excellent except vpn. I use vpnc: ---------- [I] net-misc/vpnc Available versions: 0.5.3 (~)0.5.3_p451{tbz2} (~)0.5.3_p457-r1 {bindist hybrid-auth openssl resolvconf} Installed versions: 0.5.3_p457-r1(23:41:49 21.03.2011)(openssl resolvconf -bindist) Homepage: http://www.unix-ag.uni-kl.de/~massar/vpnc/ Description: Free client for Cisco VPN routing software ---------- And under gentoo-source-2.6.37 vpn work OK. But under 2.6.38 tunnel established OK. ping to remote server work OK. I even may enter into remote server through ssh. But if I invoke mc or top at remote server, then my screen becomes black ant console hungs. If remote server is http server then I can't open page from browser. Firefox wait answer from remote server. Q. What have broken in 2.6.38 kernel ? Reproducible: Always Steps to Reproduce: 1. Install 2.6.38 kernel(gentoo-sources) 2. Invoke vpnc command and established tunnel to remote server. 3. ping to remote server ok, ssh ok, remote command: mc, top don't work. console hung. 4. if remote server is http server, then browser can't open http page. it wait answer from server Actual Results: vpnc don't work properly Expected Results: vpnc have to work OK, how in 2.6.37 kernel