Chrome uses invalid source address in the L2TP header |
|||||||||
Issue descriptionChromeOS version:70.0.3538.76 ChromeOS device model:ASUS Chromebook Flip C101PA Case#: N/A since this issue occurred while deployment phase. Description: SEIL (VPN server) provides 172.16.5.28 for L2TP session to Chrome OS device as a source address. Chrome OS uses 192.168.12.186 as source IP address, which is provided from mobile phone by using tethering, in the L2TP header instead of using 172.16.5.28. Because the Chrome OS uses invalid source IP address, SEIL's ingress filter detects this and did not let Chrome OS device to communicate with VPN server; Chrome OS device sends STOP CCC to end the session. Steps to reproduce: 1. Open Chrome OS device 2. Connect to VPN server(L2TP/IPsec) Current Behavior / Reproduction: Chrome OS uses invalid source IP address and this cause the disconnection from VPN session. Expected Behavior: Chrome OS should use 172.16.5.28 as source IP provided from VPN server in L2TP header. Drive link to logs: *The issue occurred at Nov 28 11:37 Log from VPN : https://drive.google.com/open?id=1ajlyQUjJDAqfCuMOgaFoGpTxPaUo7gf7rRVL3vzoTAU CrOS Debug log : https://drive.google.com/open?id=1yMqy3xle_8cpERCexDLOdBHb235JOSQo
,
Dec 19
,
Dec 19
,
Jan 7
Any update on this?
,
Jan 11
,
Jan 11
,
Jan 11
,
Jan 11
I can help triage this one. The relevant log from charon and pppd are: 2018-11-28T11:37:29.933511+09:00 INFO shill[1460]: [INFO:l2tp_ipsec_driver.cc(458)] IP configuration received: authenticated 2018-11-28T11:37:29.933825+09:00 INFO pppd[7528]: [INFO:ppp.cc(178)] Task proxy destroyed. 2018-11-28T11:37:29.954964+09:00 NOTICE pppd[7528]: local IP address 172.16.5.28 2018-11-28T11:37:29.955027+09:00 NOTICE pppd[7528]: remote IP address 172.16.5.1 2018-11-28T11:37:29.955055+09:00 NOTICE pppd[7528]: primary DNS address 8.8.8.8 2018-11-28T11:37:29.955080+09:00 NOTICE pppd[7528]: secondary DNS address 8.8.4.4 2018-11-28T11:37:29.955088+09:00 INFO l2tpipsec_vpn[7505]: pppd: local IP address 172.16.5.28 2018-11-28T11:37:29.955135+09:00 INFO l2tpipsec_vpn[7505]: pppd: remote IP address 172.16.5.1 2018-11-28T11:37:29.955152+09:00 INFO l2tpipsec_vpn[7505]: pppd: primary DNS address 8.8.8.8 2018-11-28T11:37:29.955169+09:00 INFO l2tpipsec_vpn[7505]: pppd: secondary DNS address 8.8.4.4 2018-11-28T11:37:29.955199+09:00 INFO pppd[7528]: [INFO:ppp.cc(112)] OnConnect(ppp0) 2018-11-28T11:37:29.956782+09:00 INFO pppd[7528]: [INFO:ppp.cc(169)] Task proxy created: :1.15 - /task/3 2018-11-28T11:37:29.956843+09:00 INFO pppd[7528]: [INFO:task_proxy.cc(36)] Notify(connect, argcount: 8) 2018-11-28T11:37:29.957458+09:00 INFO shill[1460]: [INFO:l2tp_ipsec_driver.cc(458)] IP configuration received: connect 2018-11-28T11:37:29.957687+09:00 INFO shill[1460]: [INFO:device.cc(201)] Device created: ppp0 index 9 2018-11-28T11:37:29.958110+09:00 INFO charon[7507]: 05[KNL] interface ppp0 activated 2018-11-28T11:37:29.958318+09:00 INFO shill[1460]: [INFO:connection.cc(281)] UpdateFromIPConfig: Installing with parameters: local=172.16.5.28 broadcast=<unknown> peer=0.0.0.0 gateway=0.0.0.0 2018-11-28T11:37:29.958771+09:00 INFO shill[1460]: [INFO:connection.cc(78)] 11: bound to connection: ppp0 2018-11-28T11:37:29.958886+09:00 INFO shill[1460]: [INFO:service.cc(391)] Service 11: state Configuring -> Connected *** 2018-11-28T11:37:29.959721+09:00 INFO charon[7507]: 07[KNL] 172.16.5.28 appeared on ppp0 *** 2018-11-28T11:37:29.965777+09:00 INFO shill[1460]: [INFO:manager.cc(1500)] Service 11 updated; state: Connected failure Unknown 2018-11-28T11:37:29.973445+09:00 INFO shill[1460]: [INFO:service.cc(391)] Service 11: state Connected -> Online 2018-11-28T11:37:29.973716+09:00 INFO shill[1460]: [INFO:manager.cc(1500)] Service 11 updated; state: Online failure Unknown 2018-11-28T11:37:29.982642+09:00 INFO pppd[7528]: [INFO:ppp.cc(178)] Task proxy destroyed. 2018-11-28T11:37:29.984056+09:00 WARNING pppd[7528]: Protocol-Reject for unsupported protocol 0x5760 2018-11-28T11:37:29.984206+09:00 INFO l2tpipsec_vpn[7505]: pppd: Protocol-Reject for unsupported protocol 0x5760 2018-11-28T11:37:29.994002+09:00 INFO shill[1460]: [INFO:service.cc(305)] Suppressed autoconnect to service 0 (no endpoints) *** 2018-11-28T11:37:30.058445+09:00 INFO charon[7507]: 06[KNL] creating roam job due to address/link change 2018-11-28T11:37:30.058688+09:00 INFO charon[7507]: 06[KNL] using 192.168.12.186 as address to reach 202.232.184.228/32 2018-11-28T11:37:30.058738+09:00 INFO charon[7507]: 06[IKE] keeping connection path 192.168.12.186 - 202.232.184.228 *** 2018-11-28T11:37:30.747007+09:00 WARNING pppd[7528]: Protocol-Reject for unsupported protocol 0x5760 2018-11-28T11:37:30.747239+09:00 INFO l2tpipsec_vpn[7505]: pppd: Protocol-Reject for unsupported protocol 0x5760 2018-11-28T11:37:49.002849+09:00 INFO charon[7507]: 12[KNL] querying policy 192.168.12.186/32[udp/l2tp] === 202.232.184.228/32[udp/l2tp] out 2018-11-28T11:38:08.005184+09:00 INFO charon[7507]: 13[KNL] querying policy 192.168.12.186/32[udp/l2tp] === 202.232.184.228/32[udp/l2tp] out 2018-11-28T11:38:23.007496+09:00 INFO charon[7507]: 14[KNL] querying policy 192.168.12.186/32[udp/l2tp] === 202.232.184.228/32[udp/l2tp] out 2018-11-28T11:38:42.009258+09:00 INFO charon[7507]: 15[KNL] querying policy 192.168.12.186/32[udp/l2tp] === 202.232.184.228/32[udp/l2tp] out 2018-11-28T11:38:46.371535+09:00 INFO shill[1460]: [INFO:service.cc(323)] Disconnecting from service 11: D-Bus RPC 2018-11-28T11:38:46.372395+09:00 INFO shill[1460]: [INFO:connection.cc(71)] 11: unbound from connection: ppp0 2018-11-28T11:38:46.373199+09:00 INFO charon[7507]: 08[KNL] 172.16.5.28 disappeared from ppp0
,
Jan 11
,
Jan 11
This issue has an owner, a component and a priority, but is still listed as untriaged or unconfirmed. By definition, this bug is triaged. Changing status to "assigned". Please reach out to me if you disagree with how I've done this.
,
Jan 15
,
Jan 21
(2 days ago)
Hi there, is there any update on this bug? Just wanted to check current status. |
|||||||||
►
Sign in to add a comment |
|||||||||
Comment 1 by nshimura@google.com
, Dec 18