VyOS 1.3 rolling SSH not working on vif-s interface

howardt · July 9, 2020, 7:07am

Hi,

I am currently testing the VyOS 1.3 rolling, I found that if the IP address is configured under vif-s, that IP address will not be able to remote access the VyOS. I can ping the IP address successfully, but I cannot ssh to the VyOS.

Thank you.

Viacheslav · July 9, 2020, 7:56am

@howardt
I can’t reproduce it on latest rolling “VyOS 1.3-rolling-202007070117”
All worked fine.

R1

set interfaces ethernet eth0 vif-s 3215 ethertype '0x8100'
set interfaces ethernet eth0 vif-s 3215 vif-c 122 address '10.0.53.21/31'

R2

set interfaces ethernet eth0 vif-s 3215 ethertype '0x8100'
set interfaces ethernet eth0 vif-s 3215 vif-c 122 address '10.0.53.20/31'

SSH from R2 to R1

vyos@roll2:~$ ssh vyos@10.0.53.21
Welcome to VyOS
vyos@10.0.53.21's password: 
Linux r-roll 4.19.131-amd64-vyos #1 SMP Sun Jul 5 09:43:35 UTC 2020 x86_64

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Thu Jul  9 07:52:42 2020 from 10.0.53.20
vyos@r-roll:~$

howardt · July 9, 2020, 8:09am

Could you try to reboot it and do ssh again? I am still checking the problem, it seems not working only on vif-s interface. it was working on version 1.1.7, but not working after change to 1.3 rolling. Thank you.

Viacheslav · July 9, 2020, 8:25am

In the test lab, it working even after reboot.

If you use it in a real scheme, check that your MTU size ‘ge 1504’. So you need 4 bytes for the second tag.
Try to dump the packets. It will be more clear.
In the test lab on libvirt-kvm all work fine ever without change MTU size.

Describe the procedure, how to reproduce this bug?

tjh · July 9, 2020, 9:47pm

@howardt
You haven’t gone and set "set service ssh listen-address " and then forgotten to add your new IP address of your vif, have you?

I’ve done that before.

howardt · July 10, 2020, 8:00am

I have set both, but still not work. there is no firewall but I only can ping outside. but TCP and UDP seems dropped. I do the clean install, but no luck. I believe that is not configuration problem, as the q in q VLAN is working in vyos version 1.1.7.

Viacheslav · July 10, 2020, 12:30pm

@howardt provide please your configuration, section ssh

howardt · July 11, 2020, 7:14am

My configuration is simple, please see the screen capture.

howardt · July 11, 2020, 7:25am

I have tried to tcpdump and see the cksum for return packet is incorrect, is this cause the ssh fail?

Viacheslav · July 13, 2020, 3:18pm

What version of the VMware?
For some people, this did not work in version 6.7

howardt · July 14, 2020, 8:49am

Just found out the issue, in vmware platform, I have 6 hosts, the ssh works after migrated to another host. It seems blocked by physical server. I am not sure this is related to hardware issue or vmware problem. thank you Viacheslav for helping on this case.

Seems this is not working on Broadcom NIC, hope other people aware this hardware problem.

system · July 16, 2020, 8:49am

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.