Bug 444166
Summary: | [IPv6-DoD] openswan IKEv2 crashes when interoperating with racoon2 | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 5 | Reporter: | Linda Wang <lwang> |
Component: | openswan | Assignee: | Avesh Agarwal <avagarwa> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | high | Docs Contact: | |
Priority: | urgent | ||
Version: | 5.2 | CC: | cward, ebenes, herbert.xu, jhrozek, jplans, lwang, mvadkert, pwouters, sgrubb, tgraf, tis, tyhicks |
Target Milestone: | rc | Keywords: | OtherQA, ZStream |
Target Release: | --- | ||
Hardware: | x86_64 | ||
OS: | All | ||
Whiteboard: | GSSApproved | ||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2009-09-02 11:18:43 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 441588 | ||
Bug Blocks: | 253764, 450129 |
Description
Linda Wang
2008-04-25 15:52:25 UTC
Clone from bug 439771. open this bug to track the validation of RFC4306. *** Bug 444167 has been marked as a duplicate of this bug. *** This is addressed in openswan-2.6.13. 2.6.14rc7-1 was built to address the problem being reported. Tyler, have you had a chance to try the new openswan 2.6.14 with racoon2? I can't seem to get neither opeswan-2.6.12 (which was supposed to be working as initiator) nor 2.6.14 working with racoon2.. --- # ipsec auto --verbose --up swan-racoon 002 "swan-racoon" #1: initiating v2 parent SA 133 "swan-racoon" #1: STATE_PARENT_I1: initiate 002 "swan-racoon" #1: transition from state STATE_IKEv2_START to state STATE_PARENT_I1 133 "swan-racoon" #1: STATE_PARENT_I1: sent v2I1, expected v2R1 010 "swan-racoon" #1: STATE_PARENT_I1: retransmission; will wait 20s for response 010 "swan-racoon" #1: STATE_PARENT_I1: retransmission; will wait 40s for response --- Hi Jakub - I can't seem to get to openswan.org in order to fetch the final 2.6.14 sources and I don't think that I have access to the RH rpm yet. But I have openswan-2.6.14rc7 and racoon2-20071227e (both built from source) working great, no matter which one is the initiator. As soon as I see openswan.org back up, I will give 2.6.14 a try and let you know. www.openswan.org should be back shortly, once xend starts giving the xenu some networking again :P Jakub, I built openswan-2.6.14 and I have no problem negotiating with racoon2. It must be a problem with your configs. Include some info from /var/log/secure and maybe I'll remember running into the same problem in the past. :) ~~ Attention - RHEL 5.4 Beta Released! ~~ RHEL 5.4 Beta has been released! There should be a fix present in the Beta release that addresses this particular request. Please test and report back results here, at your earliest convenience. RHEL 5.4 General Availability release is just around the corner! If you encounter any issues while testing Beta, please describe the issues you have encountered and set the bug into NEED_INFO. If you encounter new issues, please clone this bug to open a new issue and request it be reviewed for inclusion in RHEL 5.4 or a later update, if it is not of urgent severity. Please do not flip the bug status to VERIFIED. Only post your verification results, and if available, update Verified field with the appropriate value. Questions can be posted to this bug or your customer or partner representative. ~~ Attention Partners - RHEL 5.4 Snapshot 1 Released! ~~ RHEL 5.4 Snapshot 1 has been released on partners.redhat.com. If you have already reported your test results, you can safely ignore this request. Otherwise, please notice that there should be a fix available now that addresses this particular request. Please test and report back your results here, at your earliest convenience. The RHEL 5.4 exception freeze is quickly approaching. If you encounter any issues while testing Beta, please describe the issues you have encountered and set the bug into NEED_INFO. If you encounter new issues, please clone this bug to open a new issue and request it be reviewed for inclusion in RHEL 5.4 or a later update, if it is not of urgent severity. Do not flip the bug status to VERIFIED. Instead, please set your Partner ID in the Verified field above if you have successfully verified the resolution of this issue. Further questions can be directed to your Red Hat Partner Manager or other appropriate customer representative. ~~ Attention Partners - RHEL 5.4 Snapshot 5 Released! ~~ RHEL 5.4 Snapshot 5 is the FINAL snapshot to be release before RC. It has been released on partners.redhat.com. If you have already reported your test results, you can safely ignore this request. Otherwise, please notice that there should be a fix available now that addresses this particular issue. Please test and report back your results here, at your earliest convenience. If you encounter any issues while testing Beta, please describe the issues you have encountered and set the bug into NEED_INFO. If you encounter new issues, please clone this bug to open a new issue and request it be reviewed for inclusion in RHEL 5.4 or a later update, if it is not of urgent severity. If it is urgent, escalate the issue to your partner manager as soon as possible. There is /very/ little time left to get additional code into 5.4 before GA. Partners, after you have verified, do not flip the bug status to VERIFIED. Instead, please set your Partner ID in the Verified field above if you have successfully verified the resolution of this issue. Further questions can be directed to your Red Hat Partner Manager or other appropriate customer representative. An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on therefore solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHEA-2009-1350.html |