openconnect: SSL wrote too few bytes! | error in buffer handling

Bug #1072328 reported by Harald Höller on 2012-10-28
This bug affects 8 people
Affects: openconnect (Fedora); Status: Fix Released; Importance: Undecided
Affects: openconnect (Ubuntu); Status: Fix Released; Importance: Low; Assigned to: Unassigned

Bug Description

VPN Connection is set back when larger amounts are being transferred - in my case when I execute an rsync script.

in
OpenConnect version v4.06
Using GnuTLS. Features present: PKCS#11, DTLS (using OpenSSL)

from /var/log/syslog:
Oct 28 12:09:22 buckeliger NetworkManager[1227]: <info> No IPv6 configuration
Oct 28 12:09:22 buckeliger NetworkManager[1227]: <info> Login Banner:
Oct 28 12:09:22 buckeliger NetworkManager[1227]: <info> -----------------------------------------
Oct 28 12:09:22 buckeliger NetworkManager[1227]: <info> /////////
Oct 28 12:09:22 buckeliger NetworkManager[1227]: <info> -----------------------------------------
Oct 28 12:09:22 buckeliger openconnect[2705]: Connected vpn0 as *********, using SSL
Oct 28 12:09:23 buckeliger NetworkManager[1227]: <info> VPN connection '****' (IP Config Get) complete.
Oct 28 12:09:23 buckeliger NetworkManager[1227]: <info> Policy set '****' (vpn0) as default for IPv4 routing and DNS.
Oct 28 12:09:23 buckeliger NetworkManager[1227]: <info> ((null)): writing resolv.conf to /sbin/resolvconf
Oct 28 12:09:23 buckeliger dnsmasq[1398]: setting upstream servers from DBus
Oct 28 12:09:23 buckeliger dnsmasq[1398]: using nameserver ****
Oct 28 12:09:23 buckeliger dnsmasq[1398]: using nameserver ****
Oct 28 12:09:24 buckeliger NetworkManager[1227]: <info> VPN plugin state changed: started (4)
Oct 28 12:09:24 buckeliger dbus[1064]: [system] Activating service name='org.freedesktop.nm_dispatcher' (using servicehelper)
Oct 28 12:09:24 buckeliger NetworkManager[1227]: keyfile: updating /etc/NetworkManager/system-connections/****
Oct 28 12:09:24 buckeliger dbus[1064]: [system] Successfully activated service 'org.freedesktop.nm_dispatcher'
Oct 28 12:09:28 buckeliger openconnect[2705]: DTLS handshake failed: 2
Oct 28 12:09:32 buckeliger ntpdate[2806]: adjust time server 91.189.94.4 offset 0.087904 sec
Oct 28 12:09:46 buckeliger openconnect[2705]: SSL wrote too few bytes! Asked for 1363, sent 0
Oct 28 12:09:46 buckeliger openconnect[2705]: Send BYE packet: Internal error
Oct 28 12:09:46 buckeliger avahi-daemon[1169]: Withdrawing workstation service for vpn0.
Oct 28 12:09:46 buckeliger NetworkManager[1227]: SCPlugin-Ifupdown: devices removed (path: /sys/devices/virtual/net/vpn0, iface: vpn0)
Oct 28 12:09:47 buckeliger NetworkManager[1227]: <warn> VPN plugin failed: 1
Oct 28 12:09:47 buckeliger NetworkManager[1227]: <info> VPN plugin state changed: stopped (6)
Oct 28 12:09:47 buckeliger NetworkManager[1227]: <info> VPN plugin state change reason: 0
Oct 28 12:09:47 buckeliger avahi-daemon[1169]: Withdrawing address record for 192.168.178.20 on eth0.
Oct 28 12:09:47 buckeliger avahi-daemon[1169]: Leaving mDNS multicast group on interface eth0.IPv4 with address 192.168.178.20.
Oct 28 12:09:47 buckeliger avahi-daemon[1169]: Interface eth0.IPv4 no longer relevant for mDNS.
Oct 28 12:09:47 buckeliger avahi-daemon[1169]: Joining mDNS multicast group on interface eth0.IPv4 with address 192.168.178.20.
Oct 28 12:09:47 buckeliger avahi-daemon[1169]: New relevant interface eth0.IPv4 for mDNS.
Oct 28 12:09:47 buckeliger avahi-daemon[1169]: Registering new address record for 192.168.178.20 on eth0.IPv4.
Oct 28 12:09:48 buckeliger NetworkManager[1227]: <info> Policy set 'dahoam' (eth0) as default for IPv4 routing and DNS.

Description of problem:
openconnect terminates the VPN abruptly.

Version-Release number of selected component (if applicable):
openconnect-4.00-2.el6.x86_64

How reproducible:

Steps to Reproduce:
1. Connect to VPN;
2. Try to download, for instance, a huge CVS tree from a VPN server.
3.

Actual results:
openconnect terminates the VPN with messages:

Jul 26 15:01:19 host openconnect[31571]: SSL wrote too few bytes! Asked for 1375, sent 0
Jul 26 15:01:19 host openconnect[31571]: Send BYE packet: Internal error
Jul 26 15:01:19 host openconnect[31571]: SSL_write failed: 1
Jul 26 15:01:19 host openconnect[31571]: 139641621817192:error:1409F07F:SSL routines:SSL3_WRITE_PENDING:bad write retry:s3_pkt.c:826:

Expected results:
openconnect should not terminate.

Additional info:

openconnect-4.07-2.fc18 has been submitted as an update for Fedora 18.
https://admin.fedoraproject.org/updates/openconnect-4.07-2.fc18

openconnect-4.07-1.fc17 has been submitted as an update for Fedora 17.
https://admin.fedoraproject.org/updates/openconnect-4.07-1.fc17

openconnect-4.07-1.el5 has been submitted as an update for Fedora EPEL 5.
https://admin.fedoraproject.org/updates/openconnect-4.07-1.el5

openconnect-4.07-1.el6 has been submitted as an update for Fedora EPEL 6.
https://admin.fedoraproject.org/updates/openconnect-4.07-1.el6

Package openconnect-4.07-1.el6:
* should fix your issue,
* was pushed to the Fedora EPEL 6 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=epel-testing openconnect-4.07-1.el6'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-12788/openconnect-4.07-1.el6
then log in and leave karma (feedback).

openconnect-4.07-2.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report.

openconnect-4.07-1.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report.

openconnect-4.07-1.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report.

openconnect-4.07-1.el5 has been pushed to the Fedora EPEL 5 stable repository. If problems still persist, please make note of it in this bug report.

description: updated
tags: added: network-manager
tags: added: networkmanager
tags: added: cisco-compatible
Harald Höller (harald-hoeller) wrote :

It seems the same bug emerged also in the Fedora package: https://bugzilla.redhat.com/show_bug.cgi?id=845636

Harald Höller (harald-hoeller) wrote :

Plus, I tried to download the openconnect package v4.0.7 and compile it myself, but I do not really get what flags I should use when running configure ...

Harald Höller (harald-hoeller) wrote :

Update: running the script with --bwlimit=32 works for now but of course it would be definitely nicer to be able to use the whole bandwidth available.

Thank you for taking the time to report this bug and helping to make Ubuntu better. It seems that your bug report is not filed about a specific source package though, rather it is just filed against Ubuntu in general. It is important that bug reports be filed about source packages so that people interested in the package can find the bugs about it. You can find some hints about determining what package your bug might be about at https://wiki.ubuntu.com/Bugs/FindRightPackage. You might also ask for help in the #ubuntu-bugs irc channel on Freenode.

To change the source package that this bug is filed about visit https://bugs.launchpad.net/ubuntu/+bug/1072328/+editstatus and add the package name in the text box next to the word Package.

[This is an automated message. I apologize if it reached you inappropriately; please just reply to this message indicating so.]

tags: added: bot-comment
affects: ubuntu → openconnect (Ubuntu)
dwmw2 (dwmw2) wrote :

Fixed in OpenConnect 4.07

Harald Höller (harald-hoeller) wrote :

Yeah? I wrote that I can't compile it.

Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in openconnect (Ubuntu):
status: New → Confirmed
Michael R. Crusoe (misterc) wrote :

4.07 fixes it for me. I made a package for it for Precise and added it to my PPA (the build is pending): https://launchpad.net/~misterc/+archive/ppa

opi (opi-gmx) wrote :

@Michael: Can you also add a quantal package?

Sure. I uploaded it to the PPA builders last night.
On Nov 27, 2012 2:25 PM, "opi" <email address hidden> wrote:

> @Michael: Can you also add a quantal package?
opi (opi-gmx) wrote :

Thanks Michael, seems to work for me, no disconnect yet.

Eric Pabst (epabst) wrote :

Thanks, Michael. It worked for me as well. Very much appreciated.

Sebastien Bacher (seb128) wrote :

The new version, which fixes the issue, has been synced to raring:
https://launchpad.net/ubuntu/+source/openconnect/4.07-1

Changed in openconnect (Ubuntu):
importance: Undecided → Low
status: Confirmed → Fix Released
sokai (sokai) wrote :

Hi there! Thanks for the effort!

Is it possible to get a package/fix for 12.10? (ATM I have installed the PPA from misterc that fixed the problem with 12.10.)

Thanks a lot and best regards, sokai

mathew (meta23) wrote :

Just hit this on 12.04; rsync would pretty reliably trigger it. Version on misterc's PPA fixes it.

Changed in openconnect (Fedora):
importance: Unknown → Undecided
status: Unknown → Fix Released