From Bugzilla Helper:

Description of problem:
Hi,

Thanks to the ipsec backport in the 2.4 kernel, we are using the ipsec-tools package. We noticed that in tunnel mode with ah and esp, the packets are malformed.

The packets are like:
IP header | AH header | IP header | ESP |

and we should get:
IP header | AH header | ESP |

We found a description of a similar bug on:
http://www.ussg.iu.edu/hypermail/linux/kernel/0302.1/1087.html

Thanks in advance for your help,
Benoit

Version-Release number of selected component (if applicable):
kernel-2.4.21-15.0.3.EL

How reproducible:
Always

Steps to Reproduce:
1. Set up an ipsec tunnel with ah and esp between 2 gateways.

Actual Results:
The packets are like:
IP header | AH header | IP header | ESP |

Expected Results:
The packets should be:
IP header | AH header | ESP |

Additional info:
This is also true of FC2 kernel 2.6.8-1.521 for ipsec tunnel mode. I have a packet trace and ipsec configuration if that would be helpful. Furthermore, I have proven with the packet trace that some packets are misaddressed. Specifically, for a packet of the form:

IP header1 | AH header | IP header2 | ESP

the IP header1 has an incorrect destination address of the host in the remote tunneled subnet instead of the remote vpn partner, whereas IP header2 has the correct destination address of the remote vpn partner. For a host in the local ipsec subnet contacting a web server in the remote ipsec subnet, the initial syn and the syn,ack response are tunnelled successfully, but the encrypted ack goes out malformed and thus is never delivered.
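The two symptoms described in the report and in the comment above (an extra IP header sitting between AH and ESP, and an outer destination that points at the tunnelled subnet instead of the VPN peer) can be checked mechanically from a captured packet. The following is an added example, not code from the bug report or from ipsec-tools: it parses the outer IPv4 header, walks the AH next-header chain and flags both conditions. The two sample packets are constructed here (dummy ICV and ESP bytes; the gateway addresses and the 192.168.0.0/16 host are taken from the report, with 192.168.1.10 as an assumed host in that subnet).

```python
import struct
from ipaddress import IPv4Address

IPPROTO_IPIP, IPPROTO_ESP, IPPROTO_AH = 4, 50, 51   # IANA protocol numbers

def ipv4_header(buf, off):
    """Return (next_proto, header_len, dst) for the IPv4 header starting at off."""
    vihl = buf[off]
    if vihl >> 4 != 4:
        raise ValueError("not an IPv4 header")
    return buf[off + 9], (vihl & 0x0F) * 4, str(IPv4Address(buf[off + 16:off + 20]))

def ah_header(buf, off):
    """Return (next_proto, header_len) for an AH header; RFC 4302: len = (payload_len + 2) * 4."""
    return buf[off], (buf[off + 1] + 2) * 4

def protocol_chain(pkt):
    """Walk outer IP -> AH -> ...; return the header names and every IP destination seen."""
    chain, dsts, off = [], [], 0
    proto = IPPROTO_IPIP                     # the outer header is parsed like any IP header
    while True:
        if proto == IPPROTO_IPIP:
            proto, hlen, dst = ipv4_header(pkt, off)
            chain.append("IP"); dsts.append(dst)
        elif proto == IPPROTO_AH:
            proto, hlen = ah_header(pkt, off)
            chain.append("AH")
        else:                                # ESP (or anything else) ends the walk
            chain.append("ESP" if proto == IPPROTO_ESP else f"proto{proto}")
            return chain, dsts
        off += hlen

def check_ah_esp_tunnel(pkt):
    """Flag the two symptoms from the report: IP|AH|IP|ESP layout and mismatched destinations."""
    chain, dsts = protocol_chain(pkt)
    problems = []
    if chain[:4] == ["IP", "AH", "IP", "ESP"]:
        problems.append("extra IP header between AH and ESP")
    if len(set(dsts)) > 1:
        problems.append("IP destinations differ: " + " vs ".join(dsts))
    return chain, problems

# --- constructed sample packets (no real traffic; checksum, ICV and ESP payload are dummies) ---
def _ip(proto, src, dst, payload):
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                       IPv4Address(src).packed, IPv4Address(dst).packed) + payload

def _ah(next_proto):  # 12-byte fixed part + 12-byte ICV = 24 bytes = 6 words -> payload_len 4
    return struct.pack("!BBHII", next_proto, 4, 0, 0x1000, 1) + b"\x00" * 12

ESP_BLOB = struct.pack("!II", 0x2000, 1) + b"\xaa" * 16          # SPI, seq, opaque ciphertext
GW_A, GW_B, REMOTE_HOST = "169.244.85.2", "169.244.32.130", "192.168.1.10"   # assumed host
GOOD_PKT = _ip(IPPROTO_AH, GW_A, GW_B, _ah(IPPROTO_ESP) + ESP_BLOB)                 # IP|AH|ESP
BAD_PKT = _ip(IPPROTO_AH, GW_A, REMOTE_HOST,                                         # IP|AH|IP|ESP
              _ah(IPPROTO_IPIP) + _ip(IPPROTO_ESP, GW_A, GW_B, ESP_BLOB))
```

Running `check_ah_esp_tunnel` over `GOOD_PKT` yields the expected `IP | AH | ESP` chain with no findings, while `BAD_PKT` reports both the misplaced inner IP header and the differing destinations, which is the same pair of defects visible in packet 11 of the attached trace.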
Created attachment 104342 [details] ethereal trace of attempted tunnelled connection to a web server Packet 11 exhibits the ipsec bug. Note the icmp response in packet 12 from router due to the mis-addressed packet.
Created attachment 104343 [details] Output of setkey -DP Note VPN partner addresses of 169.244.85.2 and 169.244.32.130, and their tunneled subnet scopes of 10.6.18.0/24 and 192.168.0.0/16 respectively.
This bug is filed against RHEL 3, which is in maintenance phase. During the maintenance phase, only security errata and select mission critical bug fixes will be released for enterprise products. Since this bug does not meet those criteria, it is now being closed. For more information on the RHEL errata support policy, please visit: http://www.redhat.com/security/updates/errata/ If you feel this bug is indeed mission critical, please contact your support representative. You may be asked to provide detailed information on how this bug is affecting you.