Bug 200791 - Openswan tunnels only allows ping after kernel update around v 2.6.15-1.1833
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: kernel
5
All Linux
medium Severity medium
Assigned To: Kernel Maintainer List
Brian Brock
NeedsRetesting
Reported: 2006-07-31 13:45 EDT by Corey
Modified: 2007-11-30 17:11 EST
Fixed In Version: 2.6.18-1.2200.fc5
Last Closed: 2006-11-01 13:41:14 EST


Description Corey 2006-07-31 13:45:03 EDT
Description of problem:
OpenSwan Tunnels can only send Ping Data through, all other data fails to get 
through after doing yum update

Version-Release number of selected component (if applicable):
kernel greater than 2.6.15-1.1833
openswan 2.4.4-1.0.FC4.1

How reproducible:
Every time

Steps to Reproduce:
1. Install 2 FC4 machines using minimal packages option for firewall config
2. Install openswan and dependencies
3. Configure both OpenSwan ipsec.conf files for PSK tunnel mode through the 
internet allowing access to both subnets. Configure iptables accordingly to 
allow ipsec data.
4. Test ping, Http, ssh, ftp, etc... applications from subnet host to subnet 
host successfully
5. Run yum update and update the kernel above version 2.6.15-1.1833
6. Test ping, http, ssh, ftp, etc... application from subnet host to subnet 
host. Find that only ping works through the tunnel
  
Actual results:
6. Test ping, http, ssh, ftp, etc... application from subnet host to subnet 
host. Find that only ping works through the tunnel

Expected results:
6. Test ping, http, ssh, ftp, etc... application from subnet host to subnet 
host. Find that all applications work through tunnel

Additional info:
Something is wrong with the kernel builds after a certain level around 
2.6.15-1.1833. If I modify the /etc/grub.conf file to boot to an older kernel 
with the same ipsec.conf and iptables files, the tunnel works great. When 
booting to the updated kernel, the tunnel only allows ping through.
Comment 1 Dave Jones 2006-09-16 21:42:00 EDT
[This comment added as part of a mass-update to all open FC4 kernel bugs]

FC4 has now transitioned to the Fedora legacy project, which will continue to
release security related updates for the kernel.  As this bug is not security
related, it is unlikely to be fixed in an update for FC4, and has been migrated
to FC5.

Please retest with Fedora Core 5.

Thank you.
Comment 2 Dave Jones 2006-10-16 13:37:21 EDT
A new kernel update has been released (Version: 2.6.18-1.2200.fc5)
based upon a new upstream kernel release.

Please retest against this new kernel, as a large number of patches
go into each upstream release, possibly including changes that
may address this problem.

This bug has been placed in NEEDINFO state.
Due to the large volume of inactive bugs in bugzilla, if this bug is
still in this state in two weeks time, it will be closed.

Should this bug still be relevant after this period, the reporter
can reopen the bug at any time. Any other users on the Cc: list
of this bug can request that the bug be reopened by adding a
comment to the bug.

In the last few updates, some users upgrading from FC4->FC5
have reported that installing a kernel update has left their
systems unbootable. If you have been affected by this problem
please check you only have one version of device-mapper & lvm2
installed.  See bug 207474 for further details.

If this bug is a problem preventing you from installing the
release this version is filed against, please see bug 169613.

If this bug has been fixed, but you are now experiencing a different
problem, please file a separate bug for the new problem.

Thank you.
Comment 3 Jarod Wilson 2006-11-01 13:41:14 EST
I've got a fully-working openswan tunnel with kernel 2.6.18-1.2200.fc5, closing
CURRENTRELEASE. Of course, my tunnel and firewall may not be running the same
config. Corey, if you can reproduce the failure on 2.6.18-1.2200.fc5 or later,
please request this bug to be reopened.
