Ξ welcome to cryptostorm's member forums ~ you don't have to be a cryptostorm member to post here Ξ
Ξ any OpenVPN configs found on the forum are likely outdated. For the latest, visit here or GitHub Ξ
Ξ If you're looking for tutorials/guides, check out the new https://cryptostorm.is/#section6 Ξ

QUIC woes

Looking for assistance with a cryptostorm connection issue? Post here & we'll help out. Also: if you're not sure where to post, do so here & we'll move things around as needed. Also: for quickest support, email our oddly calm & easygoing support reps at support@cryptostorm.is :)

Topic Author
blardy
Posts: 2
Joined: Wed Feb 07, 2018 6:36 am

QUIC woes

Postby blardy » Mon Feb 12, 2018 7:21 am

Okay, I am posting this here because I contacted "support" and they were zero help (no response)

Running Wireshark, I've noticed weird behavior since the upgrade to new widget and certs.

The first 20 minutes of a connection is good. Wireshark shows perfect QUIC packets with an encrypted payload. Then, at roughly the 20 minute mark, the server starts sending a pile of QUIC Version Negotiation packets. There are mixed in with the payload packets, probably two or three times as many.
Wireshark now flags the packets as malformed

Excerpts:
(from packet list pane)
QUIC Version Negotiation, CID: 0

(from packet details pane)
QUIC (Quick UDP Internet Connections)
[Expert Info (Error/Malformed): Invalid Version]
Public Flags: 0x31
Version: -\357\277\275cJ
Version: \004)\006\020
Version: \357\277\275\357\277\275P\357\277\275
Version: \357\277\275\r?\357\277\275
Version: X\357\277\275Zy
etc

If I let this situation run longer then eventually all packets sent by the server are warning-flagged by Wireshark as malformed in the packets list pane.

Resetting the connection, even to the same node, starts the above cycle again. Can anybody else confirm this kind of behavior? Does anybody know what is going on? Or what the implications are?

I'm just finding the new widget kinda buggy in other ways too - like leaving rules in the firewall when the client is closed or leaving the CS DNS server address in the IP config

User avatar

Fermi
Site Admin
Posts: 226
Joined: Tue Jun 17, 2014 11:42 am

Re: QUIC woes

Postby Fermi » Mon Feb 12, 2018 12:01 pm

Hi,

I don't recall to have seen a mail in our mailbox related to this.
QUIC (Quick UDP Internet Connections) isn't a protocol we use, so the right dissector would be OpenVPN instead.
So the output of wireshark isn't relevant as you are using the wrong dissector.

Every 20 minutes key renewal takes place, so this is perhaps what you are noticing.

/Fermi


Topic Author
blardy
Posts: 2
Joined: Wed Feb 07, 2018 6:36 am

Re: QUIC woes

Postby blardy » Mon Feb 12, 2018 4:29 pm

OK Thanks for the reply.
Apologies for my shortness if you didn't get my initial email.
Yes, Wireshark defaults to the QUIC dissector for CS traffic, but I'll change that.


Return to “member support & tech assistance”

Who is online

Users browsing this forum: Google [Bot] and 35 guests

cron

Login