Bug 475337
| Summary: | insecure aggressive mode is preferred against more secure main mode in generated configuration | ||||||
|---|---|---|---|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Bill Nottingham <notting> | ||||
| Component: | ipsec-tools | Assignee: | Tomas Mraz <tmraz> | ||||
| Status: | CLOSED RAWHIDE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||
| Severity: | medium | Docs Contact: | |||||
| Priority: | medium | ||||||
| Version: | rawhide | CC: | iarlyy, notting, patrick, rvokal, tmraz | ||||
| Target Milestone: | --- | ||||||
| Target Release: | --- | ||||||
| Hardware: | All | ||||||
| OS: | Linux | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | ipsec-tools-0.8.0-4.fc17 | Doc Type: | Bug Fix | ||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | Environment: | ||||||
| Last Closed: | 2012-01-26 15:55:44 UTC | Type: | --- | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Bug Depends On: | 201853 | ||||||
| Bug Blocks: | |||||||
| Attachments: |
|
||||||
|
Description
Bill Nottingham
2008-12-08 21:57:52 UTC
Bill, was it solved? I will go to change it to Assigned, I'm not sure that was solved. Thanks. Has not been applied yet. *** Bug 497554 has been marked as a duplicate of this bug. *** This bug appears to have been reported against 'rawhide' during the Fedora 11 development cycle. Changing version to '11'. More information and reason for this action is here: http://fedoraproject.org/wiki/BugZappers/HouseKeeping Created attachment 354123 [details]
Updated patch against rawhide (initscripts-8.95.1)
*** This problem is not yet resolved in rawhide ***
The attached patch is adapted from the previous one (version 2) for the current script version.
2 fixes to the previous patch have been added:
_ $MODE = 'host' cannot be true: replaced by $MODE = 'transport'
_ In case $MODE = 'tunnel', "sainfo subnet" is used instead of "sainfo address"
I hope it helps
This message is a reminder that Fedora 11 is nearing its end of life. Approximately 30 (thirty) days from now Fedora will stop maintaining and issuing updates for Fedora 11. It is Fedora's policy to close all bug reports from releases that are no longer maintained. At that time this bug will be closed as WONTFIX if it remains open with a Fedora 'version' of '11'. Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, simply change the 'version' to a later Fedora version prior to Fedora 11's end of life. Bug Reporter: Thank you for reporting this issue and we are sorry that we may not be able to fix it before Fedora 11 is end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Fedora please change the 'version' of this bug to the applicable version. If you are unable to change the version, please add a comment here and someone will do it for you. Although we aim to fix as many bugs as possible during every release's lifetime, sometimes those efforts are overtaken by events. Often a more recent Fedora release includes newer upstream software that fixes bugs or makes them obsolete. The process we are following is described here: http://fedoraproject.org/wiki/BugZappers/HouseKeeping This message is a reminder that Fedora 13 is nearing its end of life. Approximately 30 (thirty) days from now Fedora will stop maintaining and issuing updates for Fedora 13. It is Fedora's policy to close all bug reports from releases that are no longer maintained. At that time this bug will be closed as WONTFIX if it remains open with a Fedora 'version' of '13'. Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, simply change the 'version' to a later Fedora version prior to Fedora 13's end of life. Bug Reporter: Thank you for reporting this issue and we are sorry that we may not be able to fix it before Fedora 13 is end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Fedora please change the 'version' of this bug to the applicable version. If you are unable to change the version, please add a comment here and someone will do it for you. Although we aim to fix as many bugs as possible during every release's lifetime, sometimes those efforts are overtaken by events. Often a more recent Fedora release includes newer upstream software that fixes bugs or makes them obsolete. The process we are following is described here: http://fedoraproject.org/wiki/BugZappers/HouseKeeping I'm deeply disappointed this 30 month old bug (yes, 2.5 years!) is still present (in version 9.30-1), although a patch fixing it has been provided... Trying to help with this important package feels like a pain in the ass: see also bugs 498472 and 665378 :-(( Resetting version to rawhide once again. To be completely honest, ipsec-tools support is deprecated in favor of openswan; in that case we work by just having openswan configurations brought up by that package itself, not done through ifcfg files. The likely way forward is to move ifup/ifdown-ipsec to the ipsec-tools package itself.
> ... move ifup/ifdown-ipsec to the ipsec-tools package itself.
Why not, if it can resolve this bug: IMHO, every solution is better than the current stalled situation.
Scripts have been moved in rawhide. ... and problem is still not fixed :-( Now the main mode is preferred over the aggressive mode. I've just seen it you fixed it. Many thanks :-) |