| Summary: | Openswan-IKEv2 can not setup 2nd SA with traffic selector for different host behind the same security gateway. | | |
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 6 | Reporter: | Avesh Agarwal <avagarwa> |
| Component: | openswan | Assignee: | Avesh Agarwal <avagarwa> |
| Status: | CLOSED ERRATA | QA Contact: | Aleš Mareček <amarecek> |
| Severity: | high | Docs Contact: | |
| Priority: | high | | |
| Version: | 6.1 | CC: | amarecek, iboverma, sgrubb |
| Target Milestone: | rc | | |
| Target Release: | --- | | |
| Hardware: | Unspecified | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Fixed In Version: | openswan-2_6_32-4_el6 | Doc Type: | Bug Fix |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2011-05-19 13:55:31 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
Description
Avesh Agarwal
2011-03-09 20:29:28 UTC
Attached logs provided by UNH people.

Created attachment 483299
conf file

Created attachment 483300
ipsec barf output

Created attachment 483302
logs of the test

Testing instructions for QE:

1. Configure IPsec nodes as follows:

IPsec node 1 (*.conf):

    conn test1
        auto=add
        authby=secret
        left=192.168.122.181
        right=192.168.122.165
        ike=3des-sha1
        esp=3des-sha1
        rightsubnet=192.168.122.165/32
        leftsubnet=192.168.122.183/32
        ikev2=insist

    conn test2
        auto=add
        authby=secret
        left=192.168.122.181
        right=192.168.122.165
        ike=3des-sha1
        esp=3des-sha1
        rightsubnet=192.168.122.165/32
        leftsubnet=192.168.122.182/32
        ikev2=insist

IPsec node 2 (*.conf):

    conn test1
        auto=add
        authby=secret
        right=192.168.122.181
        left=192.168.122.165
        ike=3des-sha1
        esp=3des-sha1
        leftsubnet=192.168.122.165/32
        rightsubnet=192.168.122.183/32
        ikev2=insist

    conn test2
        auto=add
        authby=secret
        right=192.168.122.181
        left=192.168.122.165
        ike=3des-sha1
        esp=3des-sha1
        leftsubnet=192.168.122.165/32
        rightsubnet=192.168.122.182/32
        ikev2=insist

both nodes (*.secrets):

    : PSK "whatever"

2. Establish connections test1 and test2 as "ipsec auto --up test1/test2"
3. In the failed case, the 2nd connection won't go through. In the success case, both connections will go through.
4. The connections can be checked with the "ip xfrm policy/state" commands.
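
A way to script the check in step 4, as an added example that is not part of the original report or of openswan: it reads `ip xfrm policy` output and confirms that an outbound policy exists for each traffic selector of test1 and test2 on node 1. The function names and both sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify step 4 of the test plan from `ip xfrm policy` output.
# On node 1 a real run would be:  ip xfrm policy | check_selectors

# Traffic selectors (leftsubnet>rightsubnet) of conn test1 and test2 on node 1.
EXPECTED="192.168.122.183/32>192.168.122.165/32
192.168.122.182/32>192.168.122.165/32"

# Constructed sample: only test1 came up (the failed case from step 3).
SAMPLE_FAILED="src 192.168.122.183/32 dst 192.168.122.165/32
    dir out priority 2080 ptype main
    tmpl src 192.168.122.181 dst 192.168.122.165
        proto esp reqid 16385 mode tunnel"

# Constructed sample: both connections up (the success case).
SAMPLE_OK="$SAMPLE_FAILED
src 192.168.122.182/32 dst 192.168.122.165/32
    dir out priority 2080 ptype main
    tmpl src 192.168.122.181 dst 192.168.122.165
        proto esp reqid 16389 mode tunnel
src 192.168.122.165/32 dst 192.168.122.182/32
    dir in priority 2080 ptype main
    tmpl src 192.168.122.165 dst 192.168.122.181
        proto esp reqid 16389 mode tunnel"

# Print "src>dst" for every outbound policy read from stdin.
out_selectors() {
    awk '
        $1 == "src" && $3 == "dst" { sel = $2 ">" $4; next }  # selector line
        $1 == "dir" && $2 == "out" && sel != "" { print sel }  # outbound only
        $1 == "dir" { sel = "" }                               # one dir per policy
    '
}

# Report each expected selector; exit status is the number that are missing.
check_selectors() {
    found=$(out_selectors)
    missing=0
    for want in $EXPECTED; do
        if printf '%s\n' "$found" | grep -Fqx "$want"; then
            echo "ok      $want"
        else
            echo "MISSING $want"
            missing=$((missing + 1))
        fi
    done
    return "$missing"
}

printf '%s\n' "$SAMPLE_FAILED" | check_selectors || echo "second SA not installed"
```
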

------- Comment From spieth.com 2011-03-17 20:02 EDT-------
---Problem Description---
Openswan-IKEv2 can not setup 2nd SA with traffic selector for different host behind the same security gateway

Contact Information = spieth.com

---uname output---
na

Machine Type = na

---Debugger---
A debugger is not configured

---Steps to Reproduce---
na

---All Component Data---

An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2011-0652.html