https://bugzilla.novell.com/show_bug.cgi?id=346211

Summary: racoon (novell-ipsec-tools pkg) can build tunnels but no traffic gets through
Product: SUSE Linux 10.1
Version: Final
Platform: x86-64
OS/Version: SLED 10
Status: NEW
Severity: Major
Priority: P5 - None
Component: Security
AssignedTo: security-team@suse.de
ReportedBy: david.mattes@boeing.com
QAContact: qa@suse.de
CC: stingleff@novell.com, bili@novell.com
Found By: Customer

I am using novell-ipsec-tools, along with turnpike, to build VPN tunnels. VPN tunnels have been and are still successfully established but VPN traffic stopped flowing with novell-ipsec-tools-0.6.3-26.14 (SLED10SP1) as a regression from novell-ipsec-tools-0.6.3-26.4 (SLED10).

When I connect with 26.4 (when it works) the relevant entries in syslog are:

racoon: INFO: IPsec-SA established: ESP/Tunnel 10.0.0.1[0]->192.168.1.150[0]
racoon: INFO: IPsec-SA established: ESP/Tunnel 192.168.1.150[0]->10.0.0.1[0]

And the tunnel works fine. But when I connect with 26.14 these change to:

racoon: INFO: IPsec-SA established: ESP/Tunnel 10.0.0.1[500]->192.168.1.150[500]
racoon: INFO: IPsec-SA established: ESP/Tunnel 192.168.1.150[500]->10.0.0.1[500]

And then when I try to send data through the tunnel I get a constant (~1/sec) stream of the following:

racoon: DEBUG: KA: 192.168.1.150[500]->10.0.0.1[500]
racoon: DEBUG: sockname 192.168.1.150[500]
racoon: DEBUG: send packet from 192.168.1.150[500]
racoon: DEBUG: send packet to 10.0.0.1[500]
racoon: DEBUG: src4 192.168.1.150[500]
racoon: DEBUG: dst4 10.0.0.1[500]
racoon: DEBUG: 1 times of 1 bytes message will be sent to 10.0.0.1[500]
racoon: DEBUG: ff

The only difference I can see is the change from ipaddr[0] to ipaddr[500], going from version 26.4 to version 26.14. What is the [500], and why did that change between the two versions? Is this a config option?

Thanks!