Bug 150094
Summary: racoon/setkey won't complete connection to openswan
Product: [Fedora] Fedora
Component: initscripts
Version: rawhide
Hardware: i686
OS: Linux
Status: CLOSED INSUFFICIENT_DATA
Severity: medium
Priority: medium
Reporter: Douglas E. Warner <silfreed>
Assignee: Bill Nottingham <notting>
QA Contact: Brock Organ <borgan>
CC: bojan, rbulling, rvokal, triage
Whiteboard: bzcl34nup
Doc Type: Bug Fix
Last Closed: 2008-05-07 00:07:00 UTC
Description
Douglas E. Warner
2005-03-02 14:48:13 UTC
Created attachment 111571 [details]
FC3 Openswan Config Excerpt
Created attachment 111572 [details]
FC3 Openswan Log when tunnel is trying to come up
Created attachment 111573 [details]
FC2 Racoon ifcfg interface
Created attachment 111574 [details]
FC2 Racoon modified $DST.conf
Created attachment 111575 [details]
FC2 Racoon Log when tunnel is trying to come up
Created attachment 111576 [details]
FC2 ifup-ipsec modified lines to make tunnel work
This FreeSWAN interoperability problem also exists in RHEL 3 and RHEL 4. Adding an option to the ifconfig-ipsec* configuration files that gets parsed by the ifup-ipsec script could help. That option should specify whether AH is required. It should be enabled by default, but you should be able to turn it off if your IPSEC peer does not support AH.

Created attachment 120854 [details]
Patch to disable AH in RHEL4
Here's a patch vs. RHEL4 that disables AH completely. I would not propose
including this patch directly, but instead to use it for testing so that a
working ifup-ipsec that understands some sort of syntax in ifcfg-ipsec* similar
to one of:
# This option would require both AH and ESP (the status quo)
POLICY_REQUIRE=AH+ESP
# This option would require only ESP, yielding results similar to the
# enclosed patch
POLICY_REQUIRE=ESP
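
Added example (not part of the bug thread, the attached patch, or the ifup-ipsec script): one way the POLICY_REQUIRE value proposed above could be mapped to setkey SPD entries, assuming a transport-mode host-to-host policy. The function name and the addresses are hypothetical.

```shell
#!/bin/sh
# Added illustration, not code from ifup-ipsec. POLICY_REQUIRE is the option
# proposed in the comment above; build_spd_policy and the addresses are
# hypothetical.

# Print setkey(8) SPD entries for a host-to-host transport-mode policy.
# $1 = local address, $2 = peer address, $3 = POLICY_REQUIRE value (optional)
build_spd_policy() {
    src=$1
    dst=$2
    # Unset or empty keeps the status quo: require both AH and ESP.
    require=${3:-AH+ESP}

    case "$require" in
        AH+ESP|ESP+AH) protos="esp/transport//require ah/transport//require" ;;
        ESP)           protos="esp/transport//require" ;;
        *)
            # Fail closed: an unrecognised value must not silently produce
            # a weaker policy, or no policy at all.
            echo "unsupported POLICY_REQUIRE value: $require" >&2
            return 1
            ;;
    esac

    # One outbound and one inbound policy with the same protocol list.
    printf 'spdadd %s %s any -P out ipsec %s;\n' "$src" "$dst" "$protos"
    printf 'spdadd %s %s any -P in ipsec %s;\n'  "$dst" "$src" "$protos"
}

# Constructed sample run using documentation addresses (RFC 5737).
build_spd_policy 192.0.2.10 198.51.100.20 ESP
```

With POLICY_REQUIRE=ESP the generated policy no longer carries a separate AH requirement, so packet integrity then depends on the authentication algorithm negotiated for ESP.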
Note that I did not get racoon to completely interoperate with the patch that I posted on 2005-11-09, but it did help the key negotiation proceed farther than it had before.

Based on the date this bug was created, it appears to have been reported against rawhide during the development of a Fedora release that is no longer maintained. In order to refocus our efforts as a project we are flagging all of the open bugs for releases which are no longer maintained. If this bug remains in NEEDINFO thirty (30) days from now, we will automatically close it. If you can reproduce this bug in a maintained Fedora version (7, 8, or rawhide), please change this bug to the respective version and change the status to ASSIGNED. (If you're unable to change the bug's version or status, add a comment to the bug and someone will change it for you.) Thanks for your help, and we apologize again that we haven't handled these issues to this point. The process we're following is outlined here: http://fedoraproject.org/wiki/BugZappers/F9CleanUp We will be following the process here: http://fedoraproject.org/wiki/BugZappers/HouseKeeping to ensure this doesn't happen again.

This bug has been in NEEDINFO for more than 30 days since feedback was first requested. As a result we are closing it. If you can reproduce this bug in the future against a maintained Fedora version please feel free to reopen it against that version. The process we're following is outlined here: http://fedoraproject.org/wiki/BugZappers/F9CleanUp