From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.3) Gecko/20040922

Description of problem:
I use FC3 kernel-2.6.9-1.667 with ipsec-tools-0.3.3-2 to create an ipsec tunnel. That worked fine. Since there is a problem with the ip_conntrack_amanda module in kernel 2.6.9, I had to upgrade to kernel-2.6.10-1.741_FC3. After this upgrade, the ipsec tunnel stops forwarding packets.

I am running some experiments now with ipsec-tools-0.5-rc1. It seems this solves my problem. So please update ipsec-tools in FC3!

Version-Release number of selected component (if applicable):
ipsec-tools-0.3.3-2, kernel-2.6.10-1.741_FC3

How reproducible:
Always

Steps to Reproduce:
1. install minimal FC3
2. upgrade to kernel 2.6.10-1.741_FC3
3. start ipsec-tunnel (start racoon + setkey -f...)

Actual Results:
The tunnel does not forward packets

Additional info:

/etc/racoon/racoon.conf:

path include "/etc/racoon";
path pre_shared_key "/etc/racoon/psk.txt";
path certificate "/etc/racoon/certs";
log debug;

remote anonymous
{
        exchange_mode aggressive,main;
        lifetime time 1 hour;   # sec,min,hour
        proposal_check obey;    # obey, strict or claim
        proposal {
                encryption_algorithm 3des;
                hash_algorithm sha1;
                authentication_method pre_shared_key;
                dh_group 2 ;
        }
}

sainfo anonymous
{
        pfs_group 2;
        lifetime time 1 hour ;
        encryption_algorithm 3des, blowfish 448, rijndael ;
        authentication_algorithm hmac_sha1, hmac_md5 ;
        compression_algorithm deflate ;
}

======================================
script that starts the tunnel on gateway A:

#!/sbin/setkey -f
flush;
spdflush;
spdadd x.y.z.0/22[any] 192.168.127.0/24[any] any -P out ipsec
        esp/tunnel/x.y.z.251-192.168.127.240/require;
spdadd 192.168.127.0/24[any] x.y.z.0/22[any] any -P in ipsec
        esp/tunnel/192.168.127.240-x.y.z.251/require;

=============
similar on gateway B
0.5-0.fc{2,3} pushed as a Fedora update.