Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
For bugs related to Red Hat Enterprise Linux 5 product line. The current stable release is 5.10. For Red Hat Enterprise Linux 6 and above, please visit Red Hat JIRA https://issues.redhat.com/secure/CreateIssue!default.jspa?pid=12332745 to report new issues.

Bug 659835

Summary: Openswan - Packet from ….. differs from size specified in ISAKMP HDR
Product: Red Hat Enterprise Linux 5 Reporter: Robin R. Price II <rprice>
Component: openswanAssignee: Avesh Agarwal <avagarwa>
Status: CLOSED DUPLICATE QA Contact: BaseOS QE Security Team <qe-baseos-security>
Severity: high Docs Contact:
Priority: high    
Version: 5.5CC: sgrubb
Target Milestone: rc   
Target Release: ---   
Hardware: All   
OS: All   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2011-10-22 18:39:32 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
secure_box1
none
ipsec-issue2.rtf none

Description Robin R. Price II 2010-12-03 19:58:15 UTC 
Created attachment 464637 [details]
secure_box1

Description of problem:

Escalating from I-T 00317752

I am seeing some stability issue with openswan version 2.6.21 in setting up IPSEC connections between two linux boxes.
I am creating a PSK connection between two linux boxes running the same openswan version 2.6.21. I have seen very few times
the connection comes up with ISAKMP and IPSEC SA established. Most of the time I see ISAKMP SA Is established only on the responder
side but the initator side is still in STATE_MAIN_I3: sent MI3, expecting MR3.
Looking at the logs, at the initiator I see that for all the responses received from responder has the following
packet from w2.x2.y2.z2:500: size (320) differs from size specified in ISAKMP HDR (244)
As per the Openswan Release CHANGES (see link below) and the issue of “differs from size specified in ISAKMP HDR” has been
addressed in openswan release 2.6.23 “Fix for size (XXX) differs from size specified in ISAKMP HDR (YYY) [David]”

http://www.openswan.org/download/CHANGES 


Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.
  
Actual results:


Expected results:


Additional info:


Created a test rpm from patch

http://git.openswan.org/cgi-bin/gitweb.cgi?p=openswan.git/.git;a=commit;h=faf0b309e2b3b8a937a7a9f4485dc828c374ccac


This resolved their issue.

~rp
Comment 1 Robin R. Price II 2010-12-03 19:58:55 UTC 
Created attachment 464638 [details]
ipsec-issue2.rtf
Comment 2 Robin R. Price II 2011-05-20 17:11:56 UTC 
Cisco is wanting an update on this.  Any news to share?



~rp
Comment 3 Avesh Agarwal 2011-05-20 17:22:14 UTC 
I just verified, and this is already fixed as part of #652733.
Comment 4 RHEL Program Management 2011-05-31 15:45:33 UTC 
This request was evaluated by Red Hat Product Management for
inclusion in the current release of Red Hat Enterprise Linux.
Because the affected component is not scheduled to be updated in the
current release, Red Hat is unfortunately unable to address this
request at this time. Red Hat invites you to ask your support
representative to propose this request, if appropriate and relevant,
in the next release of Red Hat Enterprise Linux.
Comment 5 David Mair 2011-10-22 18:39:32 UTC 

*** This bug has been marked as a duplicate of bug 652733 ***