lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date:	Wed, 7 May 2014 12:47:33 +0200
From:	Ruben Herold <ruben@...ecure.pw>
To:	netdev@...r.kernel.org
Subject: Problems with gre tunnel between 3.6.3 and 3.14.2

        hi,

I have a strange problem setting up an gre tunnel between to existing
linux router over the internet. (I have try to tunnel it over ipsec
with the same results described below, so I stopped using ipsec for
debugging the issue)

Here the setup with  anonymized IP Adresses

Router A:  
         kernel:  3.6.3 (32bit)
         system:  Debian testing with custom kernel
         tunnel:  

                  /sbin/ip tunnel add tun0 mode gre remote $REMOTE_IP local $LOCAL_IP
                  /sbin/ip addr add 192.168.0.2/31 peer 192.168.0.1/31 dev tun0
                  /sbin/ifconfig tun0 up

    
Router B: 
         kernel:  3.14.2 (64bit)
         system:  Debian testing with custom kernel
         tunnel:

                  /sbin/ip tunnel add tun0 mode gre remote $REMOTE_IP local $LOCAL_IP
                  /sbin/ip addr add 192.168.0.1/31 peer 192.168.0.2/31 dev tun0
                  /sbin/ifconfig tun0 up


tracepath (Same version on both systems) between the systems:

Router A --> Router B:

        tracepath -n xxx.xxx.xxx.xxx
        1:  xxx.xxx.xxx.xxx                                          0.240ms pmtu 1500
        1:  xxx.xxx.xxx.xxx                                          0.360ms 
        1:  xxx.xxx.xxx.xxx                                          0.222ms 
        2:  xxx.xxx.xxx.xxx                                         1.280ms asymm 3 
        3:  xxx.xxx.xxx.xxx                                        1.439ms !H
        Resume: pmtu 1500 


Router B --> Router A:

tracepath -n XXX.XXX.XXX.XXX
        1?: [LOCALHOST]                                         pmtu 1500
        1:  XXX.XXX.XXX.XXX                                        0.352ms asymm 2 
        1:  XXX.XXX.XXX.XXX                                        0.234ms asymm 2 
        2:  XXX.XXX.XXX.XXX                                         1.483ms 
        3:  XXX.XXX.XXX.XXX                                          1.479ms reached
        Resume: pmtu 1500 hops 3 back 3 


So we have clean pmtu 1500 between this hosts
Now the tunnel from both sides:

Router A --> Router B:

    tracepath -n 192.168.0.1
     1:  192.168.0.2                                          0.292ms pmtu 1476
     1:  no reply
     2:  no reply
     3:  192.168.0.1                                          1.516ms !H
     Resume: pmtu 1476 


Router B --> Router A:

    tracepath -n 192.168.0.2
     1?: [LOCALHOST]                                         pmtu 1476
     1:  no reply
     2:  no reply
     3:  192.168.0.1                                          1.482ms    reached
     Resume: pmtu 1476 hops 3 back 1 



icmp ping runs fine via the tunnel but if I try to get a large screen
output via ssh vor example from the dmesg output the connection freezed.

Same with other protocols, looks for me like an mtu problem but I can't
find it. Setting the mtu down on both sides also doesn't help.

But what I'm wondering is that on Router B the HWaddr is changeing on
every ifconfig run:

root@...terB:[~] > ifconfig tun0 ; ifconfig tun0
tun0      Link encap:UNSPEC  HWaddr C2-61-6A-73-00-00-E0-34-00-00-00-00-00-00-00-00  
          inet addr:192.168.0.1  P-t-P:192.168.0.2  Mask:255.255.255.254
          inet6 addr: fe80::200:5efe:c261:6a73/64 Scope:Link
          UP POINTOPOINT RUNNING NOARP  MTU:1476  Metric:1
          RX packets:1228 errors:0 dropped:0 overruns:0 frame:0
          TX packets:34739 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:120614 (117.7 KiB)  TX bytes:2686718 (2.5 MiB)

tun0      Link encap:UNSPEC  HWaddr C2-61-6A-73-00-00-E0-24-00-00-00-00-00-00-00-00  
          inet addr:192.168.0.1  P-t-P:192.168.0.2  Mask:255.255.255.254
          inet6 addr: fe80::200:5efe:c261:6a73/64 Scope:Link
          UP POINTOPOINT RUNNING NOARP  MTU:1476  Metric:1
          RX packets:1228 errors:0 dropped:0 overruns:0 frame:0
          TX packets:34741 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:120614 (117.7 KiB)  TX bytes:2687442 (2.5 MiB)

This doesn't happend on Router A:

root@...terA:[~] > ifconfig tun0; ifconfig tun0
tun0      Link encap:UNSPEC  HWaddr C2-61-01-8A-00-00-00-00-00-00-00-00-00-00-00-00  
          inet addr:192.168.0.2  P-t-P:192.168.0.1  Mask:255.255.255.254
          inet6 addr: fe80::200:5efe:c261:18a/64 Scope:Link
          UP POINTOPOINT RUNNING NOARP  MTU:1476  Metric:1
          RX packets:1615 errors:0 dropped:0 overruns:0 frame:0
          TX packets:45959 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:385274 (376.2 KiB)  TX bytes:2277674 (2.1 MiB)

tun0      Link encap:UNSPEC  HWaddr C2-61-01-8A-00-00-00-00-00-00-00-00-00-00-00-00  
          inet addr:192.168.0.2  P-t-P:192.168.0.1  Mask:255.255.255.254
          inet6 addr: fe80::200:5efe:c261:18a/64 Scope:Link
          UP POINTOPOINT RUNNING NOARP  MTU:1476  Metric:1
          RX packets:1615 errors:0 dropped:0 overruns:0 frame:0
          TX packets:45959 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:385274 (376.2 KiB)  TX bytes:2277674 (2.1 MiB)



What does this mean? Could this be the problem?

    thx for help

            Ruben



-- 
Ruben Herold 
ruben@...ecure.pw

Download attachment "signature.asc" of type "application/pgp-signature" (199 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ