Hello.

I recently posted this message on the Soekris tech list, but given the 
sparse amount of traffic there I am hoping that misc@ will prove to be a 
better source of the test data required to keep this problem moving 
toward a positive conclusion, rather than stalling as has happened as 
recently as a few months ago. Thanks.

Breeno
Date: Sun, 28 May 2006 06:50:43 -0700 (PDT)
Subject: 'Corrupted MAC on input' points to vpn1411 problem

Hello everyone!

A few months ago, Didier Wiroth posted to this list that his net4801 with
a vpn1411 was giving him 'Corrupted MAC on input' errors. He was looking
for a solution to this problem.

Mike Tancsa replied that he has seen the same error a couple of times on
FreeBSD 6.1-PRERELEASE.

Damien Miller posted a number of possible problems which could cause this
error. Unfortunately, my current line of testing indicates that, at least
in my situation, none of these possibilities is the culprit.

I am fairly certain at this point that the problem is related to the
vpn1411. I am not sure if it is the hardware itself or the driver for
OpenBSD. There is a small outside chance that this is related to PuTTY,
which I am using to connect to the net4801, but given that others are also
experiencing this issue it seems to be an outside possibility.

My testing:

When I first noticed this problem I was performing an operation which
displayed a large amount of text. Subsequent errors also happened when
dealing with large amounts of text being output to the PuTTY window. I
decided to make a script to reliably trigger the error:

---- START sshtest.sh
#!/bin/sh

while true
do
  cat /var/log/messages
done
---- END sshtest.sh

This script provided me with infinitely large amounts of text output.
Within seconds of running it the first time I received the error in
question.

I then cross checked the various protocol versions and encryption ciphers
available:

SSH2/AES: Corrupted MAC on input
SSH2/Blowfish: OK for 10 minutes, used CTRL-C to escape loop
SSH2/3DES: Corrupted MAC on input
SSH1/Blowfish: OK for 10 minutes, used CTRL-C to escape loop
SSH1/3DES: Incorrect CRC received on packet

As the above data shows, errors only occur with the ciphers that are
accelerated by the vpn1411. Blowfish is not accelerated and never choked
during testing.

I removed the vpn1411 and ran all the tests again. All combinations passed
10 minutes of testing.

To verify the culprit of this error requires further data. I need the
following testers:

net4801/vpn1411/OpenBSD 3.9 - verify the same errors using my testing
methodology. Test against another Unix box rather than PuTTY if possible.

net4801/vpn1411/FreeBSD, NetBSD, or Linux - verify the same errors using
my testing methodology. Test against another Unix box rather than PuTTY if
possible.

If other platforms get the same errors then it is likely a problem with
the vpn1411 itself. If only OpenBSD produces the errors then there could
be a problem with OpenBSD's implementation of the Hifn driver. If the
error doesn't occur between Unix boxen, then PuTTY is the likely culprit.

Please post your test data to this list.

Thank you, namaste, and good luck.

Breeno
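
The cipher cross-check described in the message above, run from an OpenSSH client on another Unix box instead of PuTTY, as an added example that is not part of the original post. It matches only the two error strings quoted in the message and treats a session that ends early for any other reason as inconclusive. The variable names `SSHTEST_TARGET`, `SSHTEST_SECONDS` and `SSHTEST_CIPHERS` are hypothetical, and the default cipher names are assumptions to adjust to what the installed client offers.

```shell
#!/bin/sh
# Added example: cipher matrix for the sshtest.sh loop, driven from an OpenSSH client.
# SSHTEST_TARGET, SSHTEST_SECONDS and SSHTEST_CIPHERS are hypothetical names.

# Classify one run. $1 = file holding the ssh client's stderr,
# $2 = 1 if the session survived the full test window, 0 if it ended early.
classify_run() {
    if grep -q 'Corrupted MAC on input' "$1"; then
        echo MAC_ERROR
    elif grep -q 'Incorrect CRC received on packet' "$1"; then
        echo CRC_ERROR
    elif [ "$2" -eq 1 ]; then
        echo OK
    else
        # Ended early for another reason (auth failure, cipher not offered):
        # not evidence for or against the accelerator.
        echo INCONCLUSIVE
    fi
}

# Run the output loop over one cipher. $1 = host, $2 = cipher, $3 = seconds.
run_cipher() {
    err=$(mktemp) || return 1
    ssh -o BatchMode=yes -c "$2" "$1" \
        'while true; do cat /var/log/messages; done' >/dev/null 2>"$err" &
    pid=$!
    elapsed=0
    while [ "$elapsed" -lt "$3" ] && kill -0 "$pid" 2>/dev/null; do
        sleep 1
        elapsed=$((elapsed + 1))
    done
    survived=0
    if kill -0 "$pid" 2>/dev/null; then
        survived=1
        kill "$pid" 2>/dev/null
    fi
    wait "$pid" 2>/dev/null
    echo "$2: $(classify_run "$err" "$survived")"
    rm -f "$err"
}

# Only touch the network when a target is given.
if [ -n "${SSHTEST_TARGET:-}" ]; then
    for cipher in ${SSHTEST_CIPHERS:-aes128-cbc 3des-cbc blowfish-cbc}; do
        run_cipher "$SSHTEST_TARGET" "$cipher" "${SSHTEST_SECONDS:-600}"
    done
fi
```

Running the same matrix once with the vpn1411 installed and once with it removed gives two result sets that can be posted side by side.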
