Bug 447419
Summary: | openswan ships with OE enabled by accident | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Paul Wouters <pwouters> |
Component: | openswan | Assignee: | Steve Conklin <fedora> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | urgent | Docs Contact: | |
Priority: | urgent | ||
Version: | 9 | CC: | gresko |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2009-01-23 16:02:58 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Paul Wouters
2008-05-19 20:59:31 UTC
note that in openswan-2.4.x the oe= option did not exist, and OE was disabled by including /etc/ipsec.d/examples/no_oe.conf. note: openswan-2.6.9 has broken IKEv2 code. It is incompatable with other IKEv2 daemons and with openswan-2.6.12+. Please use 2.6.13 (or 2.6.14 when available) patch4 also breaks dynamic clents using left=%defaultroute. please remove that broken patch. - I see that oe=off is still not enabled in the ipsec.conf :( - There is no virtual_private= defined, so it won't work as client behind NAT - Many fixes between 2.6.14 - 2.6.18, should really update the entire package. See CHANGES - openswan-2.6-intwarning.patch breaks certain setups and should really NOT be applied to the package anymore. - why not Buildrequires: xmlto so we can build up to date man pages from xml? openswan-2.6-noxmlto.patch should go away IMHO I just checked openswan-2.6.18-1.fc10 - openswan-2.6.16-initscript-correction.patch will cause breaking with NFS mounts via IPsec. (obviously /usr is a problem, but others don't have to be) - oe=off should still be added - virtual_private= with RFC1918 space should still be added (see man ipsec.conf) - openswan-2.6-intwarning.patch is still an urgent problem - Why compile with USE_LWRES=false ? It would be better to BuildRequire: bind-devel. We haven't been testing with USE_LWRES=false for about a year now, as it is the obsolete resolving method (we need lwres for non-blocking dns helper threads and for DNSSEC) - License: GPLv2+ That's wrong. The license is v2, not v2+ It is also partially BSD license for some crypto code. - rm -rf programs/readwriteconf why is that done? readwriteconf is only used when running 'make check' ? original bug is closed, the rest is just chatter that does not really matter anymore. |