Bug 145773 - kernel-2.6.10 breaks ipsec-tools-0.3.3
Product: Fedora
Classification: Fedora
Component: ipsec-tools
Hardware: i686 Linux
Priority: medium, Severity: medium
Assigned To: Bill Nottingham
Reported: 2005-01-21 08:57 EST by Ronny Blomme
Modified: 2014-03-16 22:51 EDT (History)

Doc Type: Bug Fix
Last Closed: 2005-03-04 18:09:37 EST

Description Ronny Blomme 2005-01-21 08:57:10 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.3)

Description of problem:
I use FC3 kernel-2.6.9-1.667 with ipsec-tools-0.3.3-2
to create an ipsec tunnel. That worked fine.
Since there is a problem with the ip_conntrack_amanda module in kernel
2.6.9, I had to upgrade to kernel-2.6.10-1.741_FC3. After this
upgrade, the ipsec tunnel stops forwarding packets.
I am running some experiments now with ipsec-tools-0.5-rc1. It seems
this solves my problem.
So please update ipsec-tools in FC3!

Version-Release number of selected component (if applicable):
ipsec-tools-0.3.3-2, kernel-2.6.10-1.741_FC3

How reproducible:

Steps to Reproduce:
1. install minimal FC3
2. upgrade to kernel 2.6.10-1.741_FC3
3. start ipsec-tunnel (start racoon + setkey -f...)

Actual Results:  The tunnel does not forward packets

Additional info:


path include "/etc/racoon";
path pre_shared_key "/etc/racoon/psk.txt";
path certificate "/etc/racoon/certs";

log debug;

remote anonymous
{
        exchange_mode aggressive,main;
        lifetime time 1 hour;   # sec,min,hour
        proposal_check obey;    # obey, strict or claim
        proposal {
                encryption_algorithm 3des;
                hash_algorithm sha1;
                authentication_method pre_shared_key;
                dh_group 2 ;
        }
}

sainfo anonymous
{
        pfs_group 2;
        lifetime time 1 hour ;
        encryption_algorithm 3des, blowfish 448, rijndael ;
        authentication_algorithm hmac_sha1, hmac_md5 ;
        compression_algorithm deflate ;
}

script that starts the tunnel on gateway A:
#!/sbin/setkey -f

spdadd x.y.z.0/22[any][any] any -P out ipsec

spdadd[any] x.y.z.0/22[any] any -P in ipsec

similar on gateway B
Comment 1 Bill Nottingham 2005-03-04 18:09:37 EST
0.5-0.fc{2,3} pushed as a Fedora update.
