Date:	Wed, 8 Jun 2011 08:43:04 -0700
From:	Stephen Hemminger <shemminger@...ux-foundation.org>
To:	David Miller <davem@...emloft.net>
Cc:	netdev@...r.kernel.org
Subject: Fw: [Bug 36122] New: New cache learned PMTU information in inetpeer
 causes ssh to fail when tunneled via an IPSEC VPN



Begin forwarded message:

Date: Sat, 28 May 2011 21:50:29 GMT
From: bugzilla-daemon@...zilla.kernel.org
To: shemminger@...ux-foundation.org
Subject: [Bug 36122] New: New cache learned PMTU information in inetpeer causes ssh to fail when tunneled via an IPSEC VPN


https://bugzilla.kernel.org/show_bug.cgi?id=36122

               URL: http://bugs.gentoo.org/show_bug.cgi?id=369025
           Summary: New cache learned PMTU information in inetpeer causes
                    ssh to fail when tunneled via an IPSEC VPN
           Product: Networking
           Version: 2.5
    Kernel Version: 2.6.39
          Platform: All
        OS/Version: Linux
              Tree: Mainline
            Status: NEW
          Severity: normal
          Priority: P1
         Component: IPV4
        AssignedTo: shemminger@...ux-foundation.org
        ReportedBy: blueness@...too.org
                CC: kernel@...too.org
        Regression: No


When trying to ssh from a box running 2.6.39 on one private subnet to another
box on another private subnet via an IPSEC VPN, ssh freezes and times out at:

   debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP

This was traced down to commit 2c8cec5c10bced2408082a6656170e74ac17231c.

This type of error is known to occur when there is fragmentation due to
mismatched MTUs, which the commit addresses.

Notice the problem does not occur when ssh-ing directly, i.e. not via an IPSEC
tunnel.  I have not tested if other tunnels are affected.

Please see the downstream bug for more details.
