Bug 172145
Summary: | amd64 devel build of vpnc doesn't work | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Alexandre Oliva <oliva> |
Component: | vpnc | Assignee: | Tomas Mraz <tmraz> |
Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | rawhide | CC: | alex, andreas.bierfert, benl, caillon, ckloiber, djuran, extras-qa, jakub, jesusr, marcrho, twaugh |
Target Milestone: | --- | Keywords: | Reopened |
Target Release: | --- | ||
Hardware: | x86_64 | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | vpnc-0.3.3-9 | Doc Type: | Bug Fix |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2006-06-07 14:02:04 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 162161 |
Description
Alexandre Oliva
2005-10-31 20:11:51 UTC
The vpnc-0.3.3-3.4 and 0.3.3-4 are identical except release number and build environment. Have you tried to rebuild the src.rpm if it helps? Maybe the devel build environment was somehow broken when vpnc-0.3.3-4 was built. I haven't tried that yet (was going to try next), but I have just tried vpnc-0.3.3-4.i386.rpm on the AMD64 box, and it's working perfectly. Please try to recompile it as x86_64. I don't have any rawhide x86_64 box available where I could test vpnc. Rebuilding vpnc-0.3.3-4 (or -3.4, for that matter) on FC devel results a non-working binary. Looks like we got a toolchain bug. I can only see a few minor differences between the assembly code generated on FC4 from that generated on FC devel. I'm looking into them. I can actually see many more differences if I compile with the same command-line options that rpmbuild uses :-) If I compile everything with rpmbuild on FC devel, and then recompile vpnc.o without -fstack-protector, it works. If I use the rpmbuild-built binary, then it appears to work to some extent, as in, packets go out on port 4500, but nothing ever comes back. Hmm what about comparing the first packet sent from the working and non-working vpncs? How do they differ? I thought about that. The authentication proceeds correctly (AFAICT). There's a short packet exchange that goes all right. It's only after authentication completes and normal data starts flowing that replies stop being delivered, and at that point the packets are supposed to be all encrypted, and with different keys, so comparing them is of no use :-( For the record, rebuilding vpnc with gcc 4.1.0-0.8 does NOT fix the problem :-( FYI, its working for me now. Thank you. vpnc-0.3.3-6.x86_64.rpm So that was a gcc problem because nothing else changed. The breakage is back in 0.3.3-7.x86_64 :-( .i386 works. Broken for me too. just rebuilt vpnc locally from source and now it works: vpnc-0.3.3-7 gcc-4.1.0-3 I'm having the exact same problem as described in Comment #7. I'm using vpnc-0.3.3-7.x86_64 gcc-4.1.0-3.x86_64 I tried rebuilding the src rpm with no help. I built vpnc from the subversion repo and it works just fine. http://svn.unix-ag.uni-kl.de/vpnc/trunk/ The biggest differences I see between the subversion code is the rekeying patch. But removing the rekeying patch from the src rpm and rebuilding doesn't fix the problem either. Vpnc connects fine, but can't ping or do anything afterwards. The difference which makes it work between the vpnc from extras and your build from the subversion repo is most probably the -fstack-protector option which is not there if you build it from the subversion repo. Noticed something new the other day... with 0.3.3-7 on FC5, vpnc tried got all the routing wrong, tried to change the default route to go over tun0 device and never set up routes to internal networks correctly. Upshot was you could ping the external ip of the vpn gateway, but nothing else internal or external. I can confirm that disabling stack protector makes vpnc work again. I disabled stack protector in /usr/lib/rpm/redhat/macros , revved the spec, and rebuilt. I can now pass packets through. Obviously disabling stack protector is the wrong fix. We should do this better, but for those who need a working vpnc, RPMs are temporarily available at: http://people.redhat.com/caillon/RPMS/rawhide/vpnc/ I wasn't able to isolate the problem so I've disabled stack-protector on x86_64 build in FE5 and FE devel. Close, but no cigar... the compiler directive that breaks vpnc is -fstack-protector as opposed of -f-stack-protector (-: /David vpnc-0.3.3-7.2 and vpnc-0.3.3-9 should be finally OK. Oddly, vpnc-0.3.3-8 was working fine for me on rawhide/x86_64. Maybe the GCC bug got fixed or latent? Now that's even more odd since gcc for the moment is identical on FC-5 and rawhide... |