Bug 147001
Summary: | ifup-ipsec incompatible with kernel >= 2.6.10 | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Tyler Larson <redhat-bugzilla> |
Component: | initscripts | Assignee: | Bill Nottingham <notting> |
Status: | CLOSED ERRATA | QA Contact: | Brock Organ <borgan> |
Severity: | high | Docs Contact: | |
Priority: | medium | ||
Version: | 3 | CC: | ckjohnson, rvokal, trevor |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2005-03-07 20:06:13 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Tyler Larson
2005-02-03 16:17:33 UTC
Fix: @@ -164,6 +164,12 @@ ${KEY_ESP_IN:+esp/tunnel/$DST-$SRC/require} ${KEY_AH_IN:+ah/tunnel/$DST-$SRC/require} ; + +spdadd $DSTNET $SRCNET any -P fwd ipsec + ${KEY_ESP_IN:+esp/tunnel/$DST-$SRC/require} + ${KEY_AH_IN:+ah/tunnel/$DST-$SRC/require} + ; + EOF fi fi Did you try the test update? Yes. Sorry about not seeing that earlier. It does fix this bug, but doesn't fix #140654. Sorry to keep harping on this, but fixing this bug doesn't help much as long as that one remains unresolved: ifup-ipsec in tunnel mode is still doesn't work. Of course what is done in ifup should be undone in ifdown. initscripts-7.93.6-1 adds fwd policies but does not remove them. Suggested patch: --- ifdown-ipsec.orig 2005-02-17 20:34:42.222228512 -0500 +++ ifdown-ipsec 2005-02-17 20:51:49.242922534 -0500 @@ -57,6 +57,7 @@ setkey -c << EOF spddelete $SRC $DST any -P out; spddelete $DST $SRC any -P in; + spddelete $DST $SRC any -P fwd; EOF else [ -z "$SRCNET" ] && SRCNET="$SRC/32" @@ -67,6 +68,7 @@ /sbin/setkey -c >/dev/null 2>&1 << EOF spddelete $SRCNET $DSTNET any -P out; spddelete $DSTNET $SRCNET any -P in; + spddelete $DSTNET $SRCNET any -P fwd; EOF fi Added in CVS. Closing this one for now; the ifup-ipsec/ifdown-ipsec changes are obviated with the ipsec-tools update. |