Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 17122

Summary: 2.2.16 + VPN Masq = 0.0.0.0 src addr
Product: [Retired] Red Hat Linux Reporter: Chris Abbey <cabbey>
Component: kernelAssignee: Michael K. Johnson <johnsonm>
Status: CLOSED WONTFIX QA Contact:
Severity: high Docs Contact:
Priority: medium    
Version: 7.0   
Target Milestone: ---   
Target Release: ---   
Hardware: i386   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2000-09-09 17:01:31 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Chris Abbey 2000-08-31 02:26:15 UTC 
There are a half dozen or so of us at work who have had absolutely no luck getting 2.2.16 to masquerade IPSEC packets. This includes
folks who have started from your earlier 2.2.16-3 sources and manually applied (and cleaned-up) the VPN Masq patches, as well as folks
who have taken your newer 2.2.16 kernels from rawhide or pinstripe. In all cases who have tried, reverting to 2.2.14 with the patch applied
has corrected the problem. The probelm (as near I can tell from a tcpdump) is that the "masqueraded" packets are sent out to the vpn
server with a source address of 0.0.0.0 instead of the correct external interface address. The vpn client is the Nortel Extranet Access
Client (a complete piece of shit, but that's all management will authorize, and they seem to be using some "not quite standard" data
exchanges). I do not know if anyone has tried this on a "stock" 2.2.16 kernel from kernel.org. All other masquerading on the affected
systems seems to work fine and there are no "interesting" lines in /var/log/messages. I know of none who have gotten this to work.
Comment 1 Michael K. Johnson 2000-08-31 13:35:14 UTC 
This is a known issue, but the first patches we saw broke
lvs.  There are newer patches being evaluated, though.
Comment 2 Chris Abbey 2000-09-01 07:05:02 UTC 
Can you please provide pointers to said patches? I had looked in most of the
places I expected this to have been discussed and found nothing prior to
submitting. I'd like to test these patches over the holiday weekend if you
think there's even a remote chance they'll work.
Comment 3 Chris Abbey 2000-09-09 17:01:27 UTC 
assuming the patch you mentioned is the one John Hardin just put up, then
a co-worker reports:

> I applied the new patch to the 2.2.16-12 from rawhide and it seemed to
> work.  I was able to connect to work just like under 2.2.14.

ftp://ftp.rubyriver.com/pub/jhardin/masquerade/ip_masq_vpn-RH2.16-2.patch.gz

I'll ask that we use this bug to ensure this is included in future kernel builds.
Thanks -=Chris