https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=280036
Bug ID: 280036
Summary: Data corruption over if_ovpn (OpenVPN DCO) observed
Product: Base System
Version: 14.1-RELEASE
Hardware: Any
OS: Any
Status: New
Severity: Affects Some People
Priority: ---
Component: kern
Assignee: [email protected]
Reporter: [email protected]
Steps to Reproduce:
- Run two instances (Host A and Host B) of FreeBSD using VMware player on
Windows
Image used:
https://download.freebsd.org/releases/VM-IMAGES/14.1-RELEASE/amd64/Latest/FreeBSD-14.1-RELEASE-amd64.vmdk.xz
Note: The VM environment (VMware player) is not relevant because this issue
was first found on a physical machine.
- Do basic network config of the hosts (ip address, default gateway etc.)
- Install OpenVPN at each host
# pkg install openvpn
- Create openvpn config files (they are derivations of
/usr/tests/sys/net/if_ovpn/if_ovpn)
<Host A openvpn config>
dev ovpn0
dev-type tun
proto udp4
cipher AES-256-GCM
auth SHA256
local 192.168.XXX.YYY
server 198.51.100.0 255.255.255.0
ca /usr/tests/sys/net/if_ovpn/ca.crt
cert /usr/tests/sys/net/if_ovpn/server.crt
key /usr/tests/sys/net/if_ovpn/server.key
dh /usr/tests/sys/net/if_ovpn/dh.pem
mode server
script-security 2
auth-user-pass-verify /usr/bin/true via-env
topology subnet
keepalive 100 600
<Host B openvpn config>
dev tun0
dev-type tun
client
remote 192.168.XXX.YYY
auth-user-pass /usr/tests/sys/net/if_ovpn/user.pass
ca /usr/tests/sys/net/if_ovpn/ca.crt
cert /usr/tests/sys/net/if_ovpn/client.crt
key /usr/tests/sys/net/if_ovpn/client.key
dh /usr/tests/sys/net/if_ovpn/dh.pem
keepalive 100 600
- Prepare Host A
** adduser (USERNAME)
** edit /etc/inetd.conf and enable ftpd.
# /etc/rc.d/inetd onestart
Starting inetd.
Note: this issue is not specific to ftp. This is just for a simple test.
** start openvpn
# openvpn --config HOST_A_CONFIG_FILE
- Test at Host B
** start openvpn
# openvpn --config HOST_B_CONFIG_FILE &
** prepare test data
# dd if=/dev/random bs=1M count=100 of=randomfile
** transfer data over if_ovpn (put and get back)
# ftp 198.51.100.1
Connected to 198.51.100.1.
220 freebsd FTP server (Version 6.00LS) ready.
Name (198.51.100.1:root): USERNAME
331 Password required for USERNAME.
Password:
230 User USERNAME logged in.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> put randomfile
local: randomfile remote: randomfile
229 Entering Extended Passive Mode (|||50636|)
150 Opening BINARY mode data connection for 'randomfile'.
100%
|********************************************************************************************************|
100 MiB 22.87 MiB/s 00:00 ETA
226 Transfer complete.
104857600 bytes sent in 00:04 (22.80 MiB/s)
ftp> get randomfile randomfile.returned
local: randomfile.returned remote: randomfile
229 Entering Extended Passive Mode (|||58633|)
150 Opening BINARY mode data connection for 'randomfile' (104857600 bytes).
100%
|********************************************************************************************************|
100 MiB 25.26 MiB/s 00:00 ETA
226 Transfer complete.
104857600 bytes received in 00:03 (25.26 MiB/s)
ftp> bye
221 Goodbye.
** compare the files
# diff randomfile randomfile.returned
Binary files randomfile and randomfile.returned differ
# ll randomfile*
-rw-r--r-- 1 root wheel 104857600 Jun 28 20:18 randomfile
-rw-r--r-- 1 root wheel 104857600 Jun 28 20:19 randomfile.returned
# md5sum randomfile*
8008cf7f76ea6b1b3f8a85030f226ec9 randomfile
f2c09d5bf4891e82bd38d8af7c2775b7 randomfile.returned
Note: The larger the file, the higher the chance of data corruption.
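The comparison step in the report only shows that the two files differ. The following added example (not part of the original report) lists where they differ, as byte ranges. The function names corrupt_ranges and demo, the 16-byte merge gap and the constructed test files are assumptions made for illustration.

```shell
#!/bin/sh
# Summarise the damaged regions between a sent file and the copy that came back.
# Output: one line per region: <0-based start offset> <span in bytes> <bytes that differ>
# Usage:  corrupt_ranges ORIGINAL RETURNED [MERGE_GAP]
corrupt_ranges() {
    # cmp -l prints one line per differing byte: 1-based offset, then both
    # byte values in octal. cmp exits non-zero when files differ; only the
    # awk status matters for this pipeline.
    cmp -l "$1" "$2" 2>/dev/null | awk -v gap="${3:-16}" '
        function emit() {
            if (n) printf "%d %d %d\n", start, last - start + 1, n
        }
        {
            off = $1 - 1                  # convert to a 0-based offset
            # Bytes inside a damaged region can match by chance, so nearby
            # differences (within "gap" bytes) are merged into one region.
            if (n && off - last > gap) { emit(); n = 0 }
            if (!n) start = off
            last = off
            n++
        }
        END { emit() }'
}

# Constructed sample input: a 64 KiB file of zero bytes and a copy with two
# deliberately overwritten regions (1400 bytes at 20000, 100 bytes at 50000).
demo() {
    d=$(mktemp -d) || return 1
    head -c 65536 /dev/zero > "$d/sent"
    cp "$d/sent" "$d/returned"
    head -c 1400 /dev/zero | tr '\0' 'X' |
        dd of="$d/returned" bs=1 seek=20000 conv=notrunc 2>/dev/null
    head -c 100 /dev/zero | tr '\0' 'X' |
        dd of="$d/returned" bs=1 seek=50000 conv=notrunc 2>/dev/null
    corrupt_ranges "$d/sent" "$d/returned"
    rm -rf "$d"
}

demo
```

With the files from the report, the call would be `corrupt_ranges randomfile randomfile.returned`.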