Bug 1213650
Summary: | "received HASH payload does not match" after updating Strongswan from 5.2.0-4.fc21 to 5.2.2-2.fc21 | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Kristian McColm <kristianmccolm> |
Component: | strongswan | Assignee: | Pavel Šimerda (pavlix) <psimerda> |
Status: | CLOSED UPSTREAM | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | high | Docs Contact: | |
Priority: | unspecified | ||
Version: | 21 | CC: | avagarwa, kristianmccolm, psimerda, pwouters |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | x86_64 | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2015-06-09 09:31:57 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Kristian McColm
2015-04-21 02:09:50 UTC
Hi, strongswan as a package is pretty new in Fedora and so far it worked well to handle all issues including security ones by updating the upstream package for all supported Fedora versions. I do not see any significant changes between upstream 5.2.0 and 5.2.2 regarding HASH payload. It might be useful to bring the issue upstream and provide them with enough configuration information. Apart from upstream changes, we changed the configure options. See also: * https://wiki.strongswan.org/issues/501 (older issue, same symptoms) * https://www.mail-archive.com/users@lists.strongswan.org/msg06064.html (likewise) I recognize there is a reported inperoperability issue between strongswan versions with equal configuration but I'm afraid we do not have the resources to fully research it in the Fedora project, sorry. Therefore I think it's more practical to close this issue as UPSTREAM. Please work with upstream to resolve the issue and let us know if it gets fixed. Posting resolution for benefit of others: Please refer to the thread from another user with same problem in upstream list: https://lists.strongswan.org/pipermail/users/2014-October/006871.html TLDR; changing: type=tunnel to: type=transport in /etc/strongswan/ipsec.conf and restarting Strongswan resolves the issue. |