[Kernel-packages] [Bug 1874257] Re: SSH fails with connection timed out - in VPN and hangs here "expecting SSH2_MSG_KEX_ECDH_REPLY" + Ubuntu 16.04.6 LTS
@Stuart-ward wrote… > This is still a current problem > > $ dpkg -l | grep -i openvpn > ii network-manager-openvpn 1.8.14-1 amd64 network management framework > (OpenVPN plugin core) > ii network-manager-openvpn-gnome 1.8.14-1 amd64 network management framework > (OpenVPN plugin GNOME GUI) > ii openvpn 2.5.1-3ubuntu1 amd64 virtual private network daemon Once again, OpenConnect and OpenVPN are *not* the same thing. At all. For your VPN connection, are you using OpenConenct (the original subject of this bug report), or are you using OpenVPN (completely different and should have a separate bug files)? -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1874257 Title: SSH fails with connection timed out - in VPN and hangs here "expecting SSH2_MSG_KEX_ECDH_REPLY" + Ubuntu 16.04.6 LTS Status in linux package in Ubuntu: Invalid Status in openconnect package in Ubuntu: Fix Released Status in openssh package in Ubuntu: Invalid Status in openconnect source package in Xenial: Confirmed Bug description: Hello Team, SSH timeout issue, once connect to VPN. Environment == Dell XPS 9570 Ubuntu 16.04.6 Xenial Xerus) kernel - 4.15.0-55-generic $dpkg -l | grep -i openssh ii openssh-client 1:7.2p2-4ubuntu2.8 --> ii openssh-server 1:7.2p2-4ubuntu2.8 ii openssh-sftp-server 1:7.2p2-4ubuntu2.8 VPN tunnel info vpn0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 inet addr:IP P-t-P:xx Mask:255.255.252.0 inet6 addr: fe80::b8e2:bea4:2e62:fe08/64 Scope:Link UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1406 Metric:1 RX packets:962 errors:0 dropped:0 overruns:0 frame:0 TX packets:1029 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:500 RX bytes:87839 (87.8 KB) TX bytes:238740 (238.7 KB) Issue Unable to connect to any host via ssh or sftp after VPN connection Tried = Reinstalled the openssh-client package and still no luck. May I know why the default cipher is not taking/hanging? Please let me know . There were no recent changes. Workaround === Able to connect to ssh / sftp $ssh -c aes128-ctr user@IP Below is the debug ssh client logs === == $ssh -vvv user@ip OpenSSH_7.2p2 Ubuntu-4ubuntu2.8, OpenSSL 1.0.2g 1 Mar 2016 debug1: Reading configuration data /etc/ssh/ssh_config debug1: /etc/ssh/ssh_config line 19: Applying options for * debug2: resolving "IP" port 22 debug2: ssh_connect_direct: needpriv 0 debug1: Connecting to IP [IP] port 22. debug1: Connection established. debug1: key_load_public: No such file or directory debug1: identity file /home/user/.ssh/id_rsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/user/.ssh/id_rsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/user/.ssh/id_dsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/user/.ssh/id_dsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/user/.ssh/id_ecdsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/user/.ssh/id_ecdsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/user/.ssh/id_ed25519 type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/user/.ssh/id_ed25519-cert type -1 debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.8 debug1: Remote protocol version 2.0, remote software version OpenSSH_7.6p1 Ubuntu-4ubuntu0.3 debug1: match: OpenSSH_7.6p1 Ubuntu-4ubuntu0.3 pat OpenSSH* compat 0x0400 debug2: fd 3 setting O_NONBLOCK debug1: Authenticating to IP:22 as 'user' debug3: send packet: type 20 debug1: SSH2_MSG_KEXINIT sent debug3: receive packet: type 20 debug1: SSH2_MSG_KEXINIT received debug2: local client KEXINIT proposal debug2: KEX algorithms: curve25519-sha...@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,ext-info-c debug2: host key algorithms: ecdsa-sha2-nistp256-cert-...@openssh.com,ecdsa-sha2-nistp384-cert-...@openssh.com,ecdsa-sha2-nistp521-cert-...@openssh.com,ssh-ed25519-cert-...@openssh.com,ssh-rsa-cert-...@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa debug2: ciphers ctos: chacha20-poly1...@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-...@openssh.com,aes256-...@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc debug2: ciphers stoc:
[Kernel-packages] [Bug 1754601] Re: openconnect has trouble maintaining a VPN connection
I'm one of the OpenConnect developers. This thread appears to be describing THREE SEPARATE PROBLEMS, which likely have nothing to do with Ubuntu's packaging specifically. Please submit bug reports at https://gitlab.com/openconnect/openconnect/-/issues. @Ingo Karkat: > What helped for me was switching from > > $ sudo openconnect --protocol=pulse ... > > to > > $ sudo openconnect --juniper ... > > Which is odd, because my company's VPN is Pulse Secure?! All Pulse Secure VPNs are backwards-compatible with the Juniper protocol. The two protocols are completely different, and both are *terrible* messes… but our understanding of the Juniper protocol is more complete. If you want to improve the Pulse protocol support, please contribute over at Gitlab. Read https://www.infradead.org/openconnect/juniper.html for a bit more explanation. -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1754601 Title: openconnect has trouble maintaining a VPN connection Status in linux package in Ubuntu: Triaged Status in openconnect package in Ubuntu: Confirmed Bug description: Some time after upgrading to Bionic, I have found that openconnect has some trouble keeping a VPN connection open to our company VPN. Since openconnect in Bionic seems to be based on the same upstream release as in Artful I assume that the problem is more likely to be in the kernel, and the timing of when it started could fit the kernel upgrade from 4.13 to 4.15.. I regularly see this in the output: SSL read error: Error in the pull function.; reconnecting. SSL negotiation with SSL connection failure: The operation timed out sleep 10s, remaining timeout 300s SSL negotiation with SSL connection failure: The operation timed out sleep 20s, remaining timeout 290 ... Interestingly I just now saw it recover from that problem for the first time I am aware of. I know that it would make sense to test it with the old kernel, and I will try that some time (I don't reboot that often, and am not always on VPN). In the mean time, I am creating this report in the hope that it will ring some bell with someone. ProblemType: Bug DistroRelease: Ubuntu 18.04 Package: openconnect 7.08-3 ProcVersionSignature: Ubuntu 4.15.0-10.11-generic 4.15.3 Uname: Linux 4.15.0-10-generic x86_64 ApportVersion: 2.20.8-0ubuntu10 Architecture: amd64 CurrentDesktop: ubuntu:GNOME Date: Fri Mar 9 10:25:56 2018 InstallationDate: Installed on 2017-10-24 (135 days ago) InstallationMedia: Ubuntu 17.10 "Artful Aardvark" - Release amd64 (20171018) SourcePackage: openconnect UpgradeStatus: Upgraded to bionic on 2018-02-06 (30 days ago) --- ApportVersion: 2.20.8-0ubuntu10 Architecture: amd64 AudioDevicesInUse: USERPID ACCESS COMMAND /dev/snd/controlC0: michael1608 F pulseaudio /dev/snd/controlC1: michael1608 F pulseaudio CurrentDesktop: ubuntu:GNOME DistroRelease: Ubuntu 18.04 HibernationDevice: RESUME=UUID=701963f8-cca7-4480-b062-4d2d5006f10d InstallationDate: Installed on 2017-10-24 (149 days ago) InstallationMedia: Ubuntu 17.10 "Artful Aardvark" - Release amd64 (20171018) MachineType: Dell Inc. Latitude E7440 Package: openconnect 7.08-3 PackageArchitecture: amd64 ProcFB: 0 inteldrmfb ProcKernelCmdLine: BOOT_IMAGE=/vmlinuz-4.15.0-12-generic root=/dev/mapper/ubuntu--vg-root ro quiet splash ProcVersionSignature: Ubuntu 4.15.0-12.13-generic 4.15.7 RelatedPackageVersions: linux-restricted-modules-4.15.0-12-generic N/A linux-backports-modules-4.15.0-12-generic N/A linux-firmware 1.173 Tags: wayland-session bionic wayland-session Uname: Linux 4.15.0-12-generic x86_64 UpgradeStatus: Upgraded to bionic on 2018-02-06 (44 days ago) UserGroups: adm cdrom dip lpadmin plugdev sambashare sudo vboxusers _MarkForUpload: True dmi.bios.date: 02/02/2015 dmi.bios.vendor: Dell Inc. dmi.bios.version: A14 dmi.board.name: 0WK2DM dmi.board.vendor: Dell Inc. dmi.chassis.type: 9 dmi.chassis.vendor: Dell Inc. dmi.modalias: dmi:bvnDellInc.:bvrA14:bd02/02/2015:svnDellInc.:pnLatitudeE7440:pvr01:rvnDellInc.:rn0WK2DM:rvr:cvnDellInc.:ct9:cvr: dmi.product.name: Latitude E7440 dmi.product.version: 01 dmi.sys.vendor: Dell Inc. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1754601/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1874257] Re: SSH fails with connection timed out - in VPN and hangs here "expecting SSH2_MSG_KEX_ECDH_REPLY" + Ubuntu 16.04.6 LTS
It appears you are using *OpenConnect*, although both the strings OpenVPN and OpenConnect appear in prior posts. These are *completely different* VPN clients. You are using an *ancient* old release of OpenConnect v7.06. The automatic MTU detection logic has been vastly improved in newer versions of OpenConnect: https://www.infradead.org/openconnect/changelog.html So yes, this is indeed a bug in OpenConnect's MTU handling, but likely one which we've long since fixed upstream. -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1874257 Title: SSH fails with connection timed out - in VPN and hangs here "expecting SSH2_MSG_KEX_ECDH_REPLY" + Ubuntu 16.04.6 LTS Status in linux package in Ubuntu: Invalid Status in openconnect package in Ubuntu: Confirmed Status in openssh package in Ubuntu: Confirmed Bug description: Hello Team, SSH timeout issue, once connect to VPN. Environment == Dell XPS 9570 Ubuntu 16.04.6 Xenial Xerus) kernel - 4.15.0-55-generic $dpkg -l | grep -i openssh ii openssh-client 1:7.2p2-4ubuntu2.8 --> ii openssh-server 1:7.2p2-4ubuntu2.8 ii openssh-sftp-server 1:7.2p2-4ubuntu2.8 VPN tunnel info vpn0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 inet addr:IP P-t-P:xx Mask:255.255.252.0 inet6 addr: fe80::b8e2:bea4:2e62:fe08/64 Scope:Link UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1406 Metric:1 RX packets:962 errors:0 dropped:0 overruns:0 frame:0 TX packets:1029 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:500 RX bytes:87839 (87.8 KB) TX bytes:238740 (238.7 KB) Issue Unable to connect to any host via ssh or sftp after VPN connection Tried = Reinstalled the openssh-client package and still no luck. May I know why the default cipher is not taking/hanging? Please let me know . There were no recent changes. Workaround === Able to connect to ssh / sftp $ssh -c aes128-ctr user@IP Below is the debug ssh client logs === == $ssh -vvv user@ip OpenSSH_7.2p2 Ubuntu-4ubuntu2.8, OpenSSL 1.0.2g 1 Mar 2016 debug1: Reading configuration data /etc/ssh/ssh_config debug1: /etc/ssh/ssh_config line 19: Applying options for * debug2: resolving "IP" port 22 debug2: ssh_connect_direct: needpriv 0 debug1: Connecting to IP [IP] port 22. debug1: Connection established. debug1: key_load_public: No such file or directory debug1: identity file /home/user/.ssh/id_rsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/user/.ssh/id_rsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/user/.ssh/id_dsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/user/.ssh/id_dsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/user/.ssh/id_ecdsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/user/.ssh/id_ecdsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/user/.ssh/id_ed25519 type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/user/.ssh/id_ed25519-cert type -1 debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.8 debug1: Remote protocol version 2.0, remote software version OpenSSH_7.6p1 Ubuntu-4ubuntu0.3 debug1: match: OpenSSH_7.6p1 Ubuntu-4ubuntu0.3 pat OpenSSH* compat 0x0400 debug2: fd 3 setting O_NONBLOCK debug1: Authenticating to IP:22 as 'user' debug3: send packet: type 20 debug1: SSH2_MSG_KEXINIT sent debug3: receive packet: type 20 debug1: SSH2_MSG_KEXINIT received debug2: local client KEXINIT proposal debug2: KEX algorithms: curve25519-sha...@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,ext-info-c debug2: host key algorithms: ecdsa-sha2-nistp256-cert-...@openssh.com,ecdsa-sha2-nistp384-cert-...@openssh.com,ecdsa-sha2-nistp521-cert-...@openssh.com,ssh-ed25519-cert-...@openssh.com,ssh-rsa-cert-...@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa debug2: ciphers ctos: chacha20-poly1...@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-...@openssh.com,aes256-...@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc debug2: ciphers stoc: chacha20-poly1...@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-...@openssh.com,aes256-...@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc debug2: MACs ctos:
[Kernel-packages] [Bug 1574622] Re: RTL8723AU No WiFi after reboot
I've had similar problems with the rtl8xxxu driver and the same hardware: [ 8.097402] usb 1-1.4: RTL8723AU rev B (TSMC) 1T1R, TX queues 2, WiFi=1, BT=1, GPS=0, HI PA=0 I presume yours is also a Lenovo Yoga 13? I submitted a small patch to increase the firmware polling delay. This patch appears to resolve the issue for me: http://thread.gmane.org/gmane.linux.kernel.wireless.general/152169 -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1574622 Title: RTL8723AU No WiFi after reboot Status in linux package in Ubuntu: Confirmed Bug description: After rebooting the system, the wifi is not initialized correctly. dmesg lists [ 14.132275] usb 2-5: Firmware failed to start However, after complete shutdown and startup the chip works just fine. I was using 14.04 before and this chip has always been kind of dodgy, requiring a kernel module from github for some time. ProblemType: Bug DistroRelease: Ubuntu 16.04 Package: linux-image-4.4.0-21-generic 4.4.0-21.37 [modified: boot/vmlinuz-4.4.0-21-generic] ProcVersionSignature: Ubuntu 4.4.0-21.37-generic 4.4.6 Uname: Linux 4.4.0-21-generic x86_64 ApportVersion: 2.20.1-0ubuntu2 Architecture: amd64 AudioDevicesInUse: USERPID ACCESS COMMAND /dev/snd/controlC0: enbewe 1685 F pulseaudio /dev/snd/controlC1: enbewe 1685 F pulseaudio CurrentDesktop: Unity Date: Mon Apr 25 14:34:09 2016 HibernationDevice: RESUME=UUID=ca32a7cb-a574-4faf-9376-ab44bae3ac42 InstallationDate: Installed on 2016-04-22 (2 days ago) InstallationMedia: Ubuntu 16.04 LTS "Xenial Xerus" - Release amd64 (20160420.1) MachineType: LENOVO 20246 ProcFB: 0 inteldrmfb ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-4.4.0-21-generic.efi.signed root=UUID=dbed3725-2e1c-4a74-8594-6fd4cdb20e21 ro quiet splash vt.handoff=7 RelatedPackageVersions: linux-restricted-modules-4.4.0-21-generic N/A linux-backports-modules-4.4.0-21-generic N/A linux-firmware1.157 SourcePackage: linux StagingDrivers: r8723au UpgradeStatus: No upgrade log present (probably fresh install) dmi.bios.date: 10/08/2013 dmi.bios.vendor: LENOVO dmi.bios.version: 8FCN36WW(V1.03) dmi.board.asset.tag: No Asset Tag dmi.board.name: Yoga2 dmi.board.vendor: LENOVO dmi.board.version: 3193STD dmi.chassis.asset.tag: No Asset Tag dmi.chassis.type: 10 dmi.chassis.vendor: LENOVO dmi.chassis.version: Lenovo IdeaPad Yoga 11S dmi.modalias: dmi:bvnLENOVO:bvr8FCN36WW(V1.03):bd10/08/2013:svnLENOVO:pn20246:pvrLenovoIdeaPadYoga11S:rvnLENOVO:rnYoga2:rvr3193STD:cvnLENOVO:ct10:cvrLenovoIdeaPadYoga11S: dmi.product.name: 20246 dmi.product.version: Lenovo IdeaPad Yoga 11S dmi.sys.vendor: LENOVO To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1574622/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
