Red Hat Bugzilla – Bug 189096
kernel-2.6.16-1.2069_FC4 breaks network to network ipsec vpn
Last modified: 2015-01-04 17:26:35 EST

Description of problem:
kernel-2.6.16-1.2069_FC4 breaks network to network ipsec that worked on
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. configure working ipsec vpn on kernel-2.6.13-1.1526_FC4
2. boot to kernel-2.6.16-1.2069_FC4
3. ping one network from the other
4. ipsec creates lots of SAD entries, but none functional
Complete failure to pass tunneled packets between networks.
All unfiltered traffic passed by ipsec tunnel between peers
Tunnel is configured via /etc/sysconfig/network-scripts/ifcfg-ipsec0:
SRC=[local public ip address]
DST=[peer public ip address]
iptables configuration is of course necessary, but remains unchanged between
working and non-working configuration. The booted kernel is the only change.
The remote peer is running kernel-2.6.14-1.1644_FC4 and ipsec-tools-0.5-4.

[This comment added as part of a mass-update to all open FC4 kernel bugs]
FC4 has now transitioned to the Fedora legacy project, which will continue to
release security related updates for the kernel. As this bug is not security
related, it is unlikely to be fixed in an update for FC4, and has been migrated
Please retest with Fedora Core 5.

A new kernel update has been released (Version: 2.6.18-1.2200.fc5)
based upon a new upstream kernel release.
Please retest against this new kernel, as a large number of patches
go into each upstream release, possibly including changes that
may address this problem.
This bug has been placed in NEEDINFO state.
Due to the large volume of inactive bugs in bugzilla, if this bug is
still in this state in two weeks' time, it will be closed.
Should this bug still be relevant after this period, the reporter
can reopen the bug at any time. Any other users on the Cc: list
of this bug can request that the bug be reopened by adding a
comment to the bug.
In the last few updates, some users upgrading from FC4->FC5
have reported that installing a kernel update has left their
systems unbootable. If you have been affected by this problem
please check you only have one version of device-mapper & lvm2
installed. See bug 207474 for further details.
If this bug is a problem preventing you from installing the
release this version is filed against, please see bug 169613.
If this bug has been fixed, but you are now experiencing a different
problem, please file a separate bug for the new problem.

This bug has been mass-closed along with all other bugs that
have been in NEEDINFO state for several months.
Due to the large volume of inactive bugs in bugzilla, this
is the only method we have of cleaning out stale bug reports
where the reporter has disappeared.
If you can reproduce this bug after installing all the
current updates, please reopen this bug.
If you are not the reporter, you can add a comment requesting
it be reopened, and someone will get to it asap.