Bug 435445 - IPSec ifup script doesn't allow to leave AH transformation out
Status: CLOSED DUPLICATE of bug 251494
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: initscripts
All Linux
low Severity low
Assigned To: initscripts Maintenance Team
Brock Organ
Reported: 2008-02-29 07:10 EST by Aleksander Adamowski
Modified: 2008-02-29 10:16 EST (History)
Doc Type: Bug Fix
Last Closed: 2008-02-29 10:16:13 EST
Description Aleksander Adamowski 2008-02-29 07:10:05 EST
The ifup-ipsec script has the presence of AH transformation hardcoded into
itself. Its presence is not configurable - it always generates policies that
contain both ESP and AH transformations.

This is bad for two reasons:

1) AH is superfluous in presence of ESP - ESP sufficiently serves both
authentication (like AH) and encryption
2) The set of transformations should be configurable since there might be
different combinations of them on the other side (e.g. Cisco hardware, other
systems) and the policies need to match strictly on both sides in order for the
security association to be established.
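
The configurable transform set this report asks for, sketched as an added example; it is not code from ifup-ipsec or from the fix proposed in bug 251494. The `IPSEC_TRANSFORMS` variable, the function names and the documentation-range addresses are assumptions made for illustration; the output uses setkey(8) `spdadd` syntax in transport mode.

```shell
#!/bin/sh
# Added example: build setkey(8) SPD entries from a configurable transform
# list instead of a fixed ESP+AH pair. All names here are hypothetical.

# spd_rule SRC DST DIRECTION "TRANSFORMS"
# Prints one spdadd statement; transforms appear in the order given.
spd_rule() {
    src=$1 dst=$2 dir=$3 transforms=$4
    case $dir in
        in|out) ;;
        *) echo "unsupported direction: $dir" >&2; return 1 ;;
    esac
    rules=""
    for t in $transforms; do
        case $t in
            esp|ah) rules="$rules $t/transport//require" ;;
            *) echo "unsupported transform: $t" >&2; return 1 ;;
        esac
    done
    # Refuse to emit a policy with no transform at all.
    [ -n "$rules" ] || { echo "no transforms configured" >&2; return 1; }
    echo "spdadd $src $dst any -P $dir ipsec$rules ;"
}

# spd_pair LOCAL REMOTE "TRANSFORMS"
# Outbound and inbound entries for one host-to-host link.
spd_pair() {
    spd_rule "$1" "$2" out "$3" && spd_rule "$2" "$1" in "$3"
}

# Constructed sample: ESP-only by default, "esp ah" if the peer requires both.
spd_pair 192.0.2.1 192.0.2.2 "${IPSEC_TRANSFORMS:-esp}"
```

Both peers need the same transform list for the policies to match, so the value would be set per connection rather than globally.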
Comment 1 Aleksander Adamowski 2008-02-29 08:39:23 EST
I've also found this:


which corresponds to bug 251494. Seems like my bug is a duplicate of bug 251494,
which in addition contains a proposed fix to the scripts.
Comment 2 Bill Nottingham 2008-02-29 10:16:13 EST

*** This bug has been marked as a duplicate of 251494 ***
