[Bug 1874257] Re: SSH fails with connection timed out - in VPN and hangs here "expecting SSH2_MSG_KEX_ECDH_REPLY" + Ubuntu 16.04.6 LTS
Ubuntu Xenial has reached end of standard support, so I marked its task as Won't Fix. ** Changed in: openconnect (Ubuntu Xenial) Status: Confirmed => Won't Fix -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1874257 Title: SSH fails with connection timed out - in VPN and hangs here "expecting SSH2_MSG_KEX_ECDH_REPLY" + Ubuntu 16.04.6 LTS To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1874257/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1874257] Re: SSH fails with connection timed out - in VPN and hangs here "expecting SSH2_MSG_KEX_ECDH_REPLY" + Ubuntu 16.04.6 LTS
@family-gan are you saying this is an issue in Ubuntu Impish (21.10)? It seems to be already fixed in supported releases. Could you share any steps to reproduce it? If you consider the issue you are facing different than the one discussed in this bug please consider filing a separate bug. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1874257 Title: SSH fails with connection timed out - in VPN and hangs here "expecting SSH2_MSG_KEX_ECDH_REPLY" + Ubuntu 16.04.6 LTS To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1874257/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1874257] Re: SSH fails with connection timed out - in VPN and hangs here "expecting SSH2_MSG_KEX_ECDH_REPLY" + Ubuntu 16.04.6 LTS
I faced with same issue after changed router from Zyxel Keenetic Lite to Xiaomi A4 Giga Edition. My connection use PPPOE on router. Ubuntu 21.10 and openconnect VPN. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1874257 Title: SSH fails with connection timed out - in VPN and hangs here "expecting SSH2_MSG_KEX_ECDH_REPLY" + Ubuntu 16.04.6 LTS To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1874257/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1874257] Re: SSH fails with connection timed out - in VPN and hangs here "expecting SSH2_MSG_KEX_ECDH_REPLY" + Ubuntu 16.04.6 LTS
@Stuart-ward wrote… > This is still a current problem > > $ dpkg -l | grep -i openvpn > ii network-manager-openvpn 1.8.14-1 amd64 network management framework > (OpenVPN plugin core) > ii network-manager-openvpn-gnome 1.8.14-1 amd64 network management framework > (OpenVPN plugin GNOME GUI) > ii openvpn 2.5.1-3ubuntu1 amd64 virtual private network daemon Once again, OpenConnect and OpenVPN are *not* the same thing. At all. For your VPN connection, are you using OpenConenct (the original subject of this bug report), or are you using OpenVPN (completely different and should have a separate bug files)? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1874257 Title: SSH fails with connection timed out - in VPN and hangs here "expecting SSH2_MSG_KEX_ECDH_REPLY" + Ubuntu 16.04.6 LTS To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1874257/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1874257] Re: SSH fails with connection timed out - in VPN and hangs here "expecting SSH2_MSG_KEX_ECDH_REPLY" + Ubuntu 16.04.6 LTS
This is still a current problem $ dpkg -l | grep -i openvpn ii network-manager-openvpn 1.8.14-1 amd64network management framework (OpenVPN plugin core) ii network-manager-openvpn-gnome 1.8.14-1 amd64network management framework (OpenVPN plugin GNOME GUI) ii openvpn 2.5.1-3ubuntu1 amd64virtual private network daemon $ lsb_release -a No LSB modules are available. Distributor ID: Ubuntu Description:Ubuntu 21.10 Release:21.10 Codename: impish -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1874257 Title: SSH fails with connection timed out - in VPN and hangs here "expecting SSH2_MSG_KEX_ECDH_REPLY" + Ubuntu 16.04.6 LTS To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1874257/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1874257] Re: SSH fails with connection timed out - in VPN and hangs here "expecting SSH2_MSG_KEX_ECDH_REPLY" + Ubuntu 16.04.6 LTS
See this AskUbuntu item on this bug https://askubuntu.com/questions/1229456/ssh-fails-with-connection-timed-out-in-vpn-and-hangs-here-expecting-ssh2-msg I resolved this with the suggested setting: > As a temporary workaround, setting the KEX algorithm manually solves this > problem for me. > Add KexAlgorithms ecdh-sha2-nistp521 to the corresponding SSH config, or add > -oKexAlgorithms=ecdh-sha2-nistp521 to the command line args for one time use. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1874257 Title: SSH fails with connection timed out - in VPN and hangs here "expecting SSH2_MSG_KEX_ECDH_REPLY" + Ubuntu 16.04.6 LTS To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1874257/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1874257] Re: SSH fails with connection timed out - in VPN and hangs here "expecting SSH2_MSG_KEX_ECDH_REPLY" + Ubuntu 16.04.6 LTS
Thanks Dan and chris for the update, I can understand this will not backport in Xenial openconnect version correct. Because most of our Ubuntu desktop/laptop running on 16.04.6 LTS version and i see it has support agreement until April 2021. If there is any chance to backport this MTU detection handling on openconnect 7.06, then it would be really great. Thanks Jay -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1874257 Title: SSH fails with connection timed out - in VPN and hangs here "expecting SSH2_MSG_KEX_ECDH_REPLY" + Ubuntu 16.04.6 LTS To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1874257/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1874257] Re: SSH fails with connection timed out - in VPN and hangs here "expecting SSH2_MSG_KEX_ECDH_REPLY" + Ubuntu 16.04.6 LTS
Yeah Dan, thanks for chiming in. In particular that would be at least (but not lmited to) the changes: 8.04 Rework DTLS MTU detection. (#10) 7.08 Support automatic DTLS MTU detection with OpenSSL. 7.07 Automatic DTLS MTU detection. Ubuntu has these newer versions. Bionic 18.04 is on 7.08 and the most recent LTS Focal is at 8.05. The current development release is at the latest 8.09 of openconnect. These are new features added in 7.07 and 7.08 - IMHO they do not qualify for a SRU release into Xenial [1] - especially since you can "get away" with a config change that mitigates the issue. [1]: https://wiki.ubuntu.com/StableReleaseUpdates ** Also affects: openssh (Ubuntu Xenial) Importance: Undecided Status: New ** Also affects: linux (Ubuntu Xenial) Importance: Undecided Status: New ** Also affects: openconnect (Ubuntu Xenial) Importance: Undecided Status: New ** No longer affects: linux (Ubuntu Xenial) ** No longer affects: openssh (Ubuntu Xenial) ** Changed in: openssh (Ubuntu) Status: Confirmed => Invalid ** Changed in: openconnect (Ubuntu Xenial) Status: New => Confirmed ** Changed in: openconnect (Ubuntu) Status: Confirmed => Fix Released ** Changed in: openconnect (Ubuntu Xenial) Importance: Undecided => Wishlist -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1874257 Title: SSH fails with connection timed out - in VPN and hangs here "expecting SSH2_MSG_KEX_ECDH_REPLY" + Ubuntu 16.04.6 LTS To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1874257/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1874257] Re: SSH fails with connection timed out - in VPN and hangs here "expecting SSH2_MSG_KEX_ECDH_REPLY" + Ubuntu 16.04.6 LTS
It appears you are using *OpenConnect*, although both the strings OpenVPN and OpenConnect appear in prior posts. These are *completely different* VPN clients. You are using an *ancient* old release of OpenConnect v7.06. The automatic MTU detection logic has been vastly improved in newer versions of OpenConnect: https://www.infradead.org/openconnect/changelog.html So yes, this is indeed a bug in OpenConnect's MTU handling, but likely one which we've long since fixed upstream. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1874257 Title: SSH fails with connection timed out - in VPN and hangs here "expecting SSH2_MSG_KEX_ECDH_REPLY" + Ubuntu 16.04.6 LTS To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1874257/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1874257] Re: SSH fails with connection timed out - in VPN and hangs here "expecting SSH2_MSG_KEX_ECDH_REPLY" + Ubuntu 16.04.6 LTS
** Changed in: openssh (Ubuntu) Status: Incomplete => Confirmed ** Changed in: openvpn (Ubuntu) Status: Incomplete => Confirmed ** Package changed: openvpn (Ubuntu) => openconnect (Ubuntu) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1874257 Title: SSH fails with connection timed out - in VPN and hangs here "expecting SSH2_MSG_KEX_ECDH_REPLY" + Ubuntu 16.04.6 LTS To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1874257/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1874257] Re: SSH fails with connection timed out - in VPN and hangs here "expecting SSH2_MSG_KEX_ECDH_REPLY" + Ubuntu 16.04.6 LTS
** Changed in: linux (Ubuntu) Status: Confirmed => Invalid -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1874257 Title: SSH fails with connection timed out - in VPN and hangs here "expecting SSH2_MSG_KEX_ECDH_REPLY" + Ubuntu 16.04.6 LTS To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1874257/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1874257] Re: SSH fails with connection timed out - in VPN and hangs here "expecting SSH2_MSG_KEX_ECDH_REPLY" + Ubuntu 16.04.6 LTS
Hello Lucas, Thanks for taking this up. Yes I can provide you the required information. Why I believe this is a bug, is due to using putty there were no issues. So ssh client is causing the issue. For fixing reducing the MTU of VPN tunnel interface fixed the issue. So I think there is still a problem with ssh client with negotiating the SSH communication. === $dpkg -l | grep -i openssh ii openssh-client 1:7.2p2-4ubuntu2.8 --> ii openssh-server 1:7.2p2-4ubuntu2.8 ii openssh-sftp-server 1:7.2p2-4ubuntu2.8 $cat /etc/ssh/ssh_config # This is the ssh client system-wide configuration file. See # ssh_config(5) for more information. This file provides defaults for # users, and the values can be changed in per-user configuration files # or on the command line. # Configuration data is parsed as follows: # 1. command line options # 2. user-specific file # 3. system-wide file # Any configuration value is only changed the first time it is set. # Thus, host-specific definitions should be at the beginning of the # configuration file, and defaults at the end. # Site-wide defaults for some commonly used options. For a comprehensive # list of available options, their meanings and defaults, please see the # ssh_config(5) man page. Host * # ForwardAgent no # ForwardX11 no # ForwardX11Trusted yes # RhostsRSAAuthentication no # RSAAuthentication yes # PasswordAuthentication yes # HostbasedAuthentication no # GSSAPIAuthentication no # GSSAPIDelegateCredentials no # GSSAPIKeyExchange no # GSSAPITrustDNS no # BatchMode no # CheckHostIP yes # AddressFamily any # ConnectTimeout 0 # StrictHostKeyChecking ask # IdentityFile ~/.ssh/identity # IdentityFile ~/.ssh/id_rsa # IdentityFile ~/.ssh/id_dsa # IdentityFile ~/.ssh/id_ecdsa # IdentityFile ~/.ssh/id_ed25519 # Port 22 # Protocol 2 # Cipher 3des # Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc # MACs hmac-md5,hmac-sha1,umac...@openssh.com,hmac-ripemd160 # EscapeChar ~ # Tunnel no # TunnelDevice any:any # PermitLocalCommand no # VisualHostKey no # ProxyCommand ssh -q -W %h:%p gateway.example.com # RekeyLimit 1G 1h SendEnv LANG LC_* HashKnownHosts yes GSSAPIAuthentication yes GSSAPIDelegateCredentials no ForwardX11Trusted yes ForwardX11Timeout 596h For VPN client connection we are using open-connect, so usually connect via $sudo openconnect $dpkg -l | grep openconnect ii libopenconnect5:amd64 7.06-2build2 amd64open client for Cisco AnyConnect VPN - shared library ii openconnect7.06-2build2 amd64open client for Cisco AnyConnect VPN I'm marking this bug status to confirmed. Thanks Jay ** Changed in: linux (Ubuntu) Status: Invalid => Confirmed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1874257 Title: SSH fails with connection timed out - in VPN and hangs here "expecting SSH2_MSG_KEX_ECDH_REPLY" + Ubuntu 16.04.6 LTS To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1874257/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1874257] Re: SSH fails with connection timed out - in VPN and hangs here "expecting SSH2_MSG_KEX_ECDH_REPLY" + Ubuntu 16.04.6 LTS
Thank you for taking the time to file a bug report. In order to reproduce the bug you faced, could you please share your config files? OpenSSH and OpenVPN ones. Otherwise we cannot do anything. Since there is not enough information in your report to begin triage or to differentiate between a local configuration problem and a bug in Ubuntu, I am marking this bug as "Incomplete". We would be grateful if you would: provide a more complete description of the problem, explain why you believe this is a bug in Ubuntu rather than a problem specific to your system, and then change the bug status back to "New". For local configuration issues, you can find assistance here: http://www.ubuntu.com/support/community ** Changed in: linux (Ubuntu) Status: Confirmed => Invalid ** Changed in: openssh (Ubuntu) Status: New => Incomplete ** Changed in: openvpn (Ubuntu) Status: New => Incomplete -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1874257 Title: SSH fails with connection timed out - in VPN and hangs here "expecting SSH2_MSG_KEX_ECDH_REPLY" + Ubuntu 16.04.6 LTS To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1874257/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1874257] Re: SSH fails with connection timed out - in VPN and hangs here "expecting SSH2_MSG_KEX_ECDH_REPLY" + Ubuntu 16.04.6 LTS
Hello, This is an issue with VPN MTU configuration. May I know the root cause why this is causing the issue? After adjusted the MTU , this is fixed. As the same time putty works without any modification. Why ssh client not negotiating properly with the default MTU It could be a noisy or unreliable connection to the server. Probably that data corruption is happening to the packet when it is sent, which is my assumption https://en.wikipedia.org/wiki/Maximum_transmission_unit https://en.wikipedia.org/wiki/Forward_error_correction >From ubuntu community point of view any suggestions> thanks Jay ** Changed in: linux (Ubuntu) Status: Incomplete => Confirmed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1874257 Title: SSH fails with connection timed out - in VPN and hangs here "expecting SSH2_MSG_KEX_ECDH_REPLY" + Ubuntu 16.04.6 LTS To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1874257/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1874257] Re: SSH fails with connection timed out - in VPN and hangs here "expecting SSH2_MSG_KEX_ECDH_REPLY" + Ubuntu 16.04.6 LTS
** Also affects: openssh (Ubuntu) Importance: Undecided Status: New ** Also affects: openvpn (Ubuntu) Importance: Undecided Status: New ** Changed in: linux (Ubuntu) Status: Confirmed => Incomplete -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1874257 Title: SSH fails with connection timed out - in VPN and hangs here "expecting SSH2_MSG_KEX_ECDH_REPLY" + Ubuntu 16.04.6 LTS To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1874257/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1874257] Re: SSH fails with connection timed out - in VPN and hangs here "expecting SSH2_MSG_KEX_ECDH_REPLY" + Ubuntu 16.04.6 LTS
After changing the VPN interface MTU to 1100, fixed the problem. May I know why this behaviour occurred? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1874257 Title: SSH fails with connection timed out - in VPN and hangs here "expecting SSH2_MSG_KEX_ECDH_REPLY" + Ubuntu 16.04.6 LTS To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1874257/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1874257] Re: SSH fails with connection timed out - in VPN and hangs here "expecting SSH2_MSG_KEX_ECDH_REPLY" + Ubuntu 16.04.6 LTS
Hello Team, We tried to change the MTU setting to 1200, still no luck. Shared all information in the comment. Please let me know Thanks Jay ** Changed in: linux (Ubuntu) Status: Incomplete => Confirmed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1874257 Title: SSH fails with connection timed out - in VPN and hangs here "expecting SSH2_MSG_KEX_ECDH_REPLY" + Ubuntu 16.04.6 LTS To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1874257/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1874257] Re: SSH fails with connection timed out - in VPN and hangs here "expecting SSH2_MSG_KEX_ECDH_REPLY" + Ubuntu 16.04.6 LTS
** Changed in: linux (Ubuntu) Status: Incomplete => New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1874257 Title: SSH fails with connection timed out - in VPN and hangs here "expecting SSH2_MSG_KEX_ECDH_REPLY" + Ubuntu 16.04.6 LTS To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1874257/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1874257] Re: SSH fails with connection timed out - in VPN and hangs here "expecting SSH2_MSG_KEX_ECDH_REPLY" + Ubuntu 16.04.6 LTS
Tried with putty no issues. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1874257 Title: SSH fails with connection timed out - in VPN and hangs here "expecting SSH2_MSG_KEX_ECDH_REPLY" + Ubuntu 16.04.6 LTS To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1874257/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
