[Bug 339674] New: novell-nortelplugins causes racoon crash with split tunnel
https://bugzilla.novell.com/show_bug.cgi?id=339674 Summary: novell-nortelplugins causes racoon crash with split tunnel Product: SUSE Linux 10.1 Version: Final Platform: x86-64 OS/Version: SLED 10 Status: NEW Severity: Normal Priority: P5 - None Component: Security AssignedTo: security-team@suse.de ReportedBy: david.mattes@boeing.com QAContact: qa@suse.de CC: stingleff@novell.com Found By: Customer When I connect to our Nortel VPN server with split tunneling enabled, racoon crashes when the list of split tunnel routes is downloaded. If I hack racoon to ignore the split tunnel routes, the connection works just fine. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=339674#c1 Thomas Biege <thomas@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |security-team@suse.de, jbohac@novell.com AssignedTo|security-team@suse.de |jshi@novell.com --- Comment #1 from Thomas Biege <thomas@novell.com> 2007-11-06 23:28:56 MST --- reassigning to maintainer -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=339674#c2 --- Comment #2 from Sam Tingleff <stingleff@novell.com> 2007-11-20 21:17:09 MST --- *** Bug 329592 has been marked as a duplicate of this bug. *** https://bugzilla.novell.com/show_bug.cgi?id=329592 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=339674#c3 --- Comment #3 from Li Bin <bili@novell.com> 2007-11-20 22:05:51 MST --- Created an attachment (id=184154) --> (https://bugzilla.novell.com/attachment.cgi?id=184154) script for trouble shooting Hi, David. Would mind run our troubleshooting script in your environment, then send back the tar file to us for getting more information about this bug. Thanks! -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=339674 Li Bin <bili@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |bili@novell.com, allau@novell.com AssignedTo|jshi@novell.com |bili@novell.com Status|NEW |ASSIGNED -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=339674 Li Bin <bili@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |NEEDINFO Info Provider| |david.mattes@boeing.com -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=339674#c4 David Mattes <david.mattes@boeing.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |ASSIGNED Info Provider|david.mattes@boeing.com | --- Comment #4 from David Mattes <david.mattes@boeing.com> 2007-11-21 12:23:53 MST --- Created an attachment (id=184275) --> (https://bugzilla.novell.com/attachment.cgi?id=184275) requested data dump from debug script I redacted a bunch of IP addresses from the messages and ip_route_after_vpn files. I hope that doesn't impact your effort. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=339674#c5 --- Comment #5 from Li Bin <bili@novell.com> 2007-11-21 19:45:04 MST --- Hi, David. I saw your patch in Bug 329592, so it would work ok after being patched? --- ipsec-tools-0.6.3_turnpike/src/racoon/isakmp_cfg.c 2006-01-16 05:28:08.000000000 -0800 +++ ipsec-tools-0.6.3_turnpike-boeing/src/racoon/isakmp_cfg.c 2006-12-19 13:06:42.000000000 -0800 @@ -1747,8 +1749,16 @@ int status = TPIKE_STATUS_SUCCESS; int datalen = 0; - attrtype = ntohs(attr->type); + +if (attr->type == 0x0040) { + attr->type = 0x0D00; +} + if(attrtype & ISAKMP_GEN_TV) attrtype = attrtype & ~ISAKMP_GEN_TV; -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=339674 Li Bin <bili@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |NEEDINFO Info Provider| |david.mattes@boeing.com -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=339674#c6 David Mattes <david.mattes@boeing.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |ASSIGNED Info Provider|david.mattes@boeing.com | --- Comment #6 from David Mattes <david.mattes@boeing.com> 2007-11-26 08:56:42 MST --- After applying the patch, racoon does not crash and the VPN tunnel is established. However, my patch just avoids the problem, it does not fix it. I believe the problem must be in the nortel plugin code, because that is where that attribute is handled. Finally (as expected), when I use the above patch, I don't get any of the split tunnel routes loaded into my routing table except for my local subnet. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=339674#c7 Li Bin <bili@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |NEEDINFO Info Provider| |david.mattes@boeing.com --- Comment #7 from Li Bin <bili@novell.com> 2007-11-27 02:15:56 MST --- Hi, David. From the ip_after_vpn, we saw that split tunnel already configured, about 60. It is consistent to the captured packet. So the racoon's crash should be caused by other attributes or visiting memory illegally. Would you mind dump core file when Segmentation fault? And use 'bt' in 'gdb' found which point the racoon crash. Then send back this information for us. Thanks! -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=339674#c8 David Mattes <david.mattes@boeing.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |ASSIGNED Info Provider|david.mattes@boeing.com | --- Comment #8 from David Mattes <david.mattes@boeing.com> 2007-11-27 10:28:25 MST --- Here you go. The racoon binary shipped in novell-ipsec-tools-0.6.3-26.14 is stripped. I can rebuild it with debugging symbols if you need me to. A3945578!mattes# gdb /usr/sbin/racoon -c core GNU gdb 6.6 Copyright (C) 2006 Free Software Foundation, Inc. GDB is free software, covered by the GNU General Public License, and you are welcome to change it and/or distribute copies of it under certain conditions. Type "show copying" to see the conditions. There is absolutely no warranty for GDB. Type "show warranty" for details. This GDB was configured as "x86_64-suse-linux"... (no debugging symbols found) Using host libthread_db library "/lib64/libthread_db.so.1". Reading symbols from /lib64/libresolv.so.2...(no debugging symbols found)...done. Loaded symbols for /lib64/libresolv.so.2 Reading symbols from /lib64/libdl.so.2...(no debugging symbols found)...done. Loaded symbols for /lib64/libdl.so.2 Reading symbols from /lib64/libcrypt.so.1... (no debugging symbols found)...done. Loaded symbols for /lib64/libcrypt.so.1 Reading symbols from /lib64/libc.so.6...(no debugging symbols found)...done. Loaded symbols for /lib64/libc.so.6 Reading symbols from /lib64/ld-linux-x86-64.so.2... (no debugging symbols found)...done. Loaded symbols for /lib64/ld-linux-x86-64.so.2 Reading symbols from /usr/lib/turnpike/plugins/libnortel.so...(no debugging symbols found)...done. Loaded symbols for /usr/lib/turnpike/plugins/libnortel.so Core was generated by `racoon -F -f /etc/racoon/racoon.conf'. Program terminated with signal 11, Segmentation fault. #0 0x0000000000000010 in ?? () (gdb) bt #0 0x0000000000000010 in ?? () #1 0x0000000000007090 in ?? () #2 0x0000000000000010 in ?? () #3 0x0000000000007190 in ?? () #4 0x0000000000000010 in ?? () #5 0x0000000000007390 in ?? () #6 0x0000000000000010 in ?? () #7 0x0000000000007590 in ?? () #8 0x0000000000000010 in ?? () #9 0x0000000000007cc0 in ?? () #10 0x0000000000000010 in ?? () #11 0x000000000000a1c0 in ?? () #12 0x0000000000000010 in ?? () #13 0x00000000002c21c0 in ?? () #14 0x0000000000000017 in ?? () #15 0x00000000003021c0 in ?? () #16 0x0000000000000018 in ?? () #17 0x00000000003121c0 in ?? () #18 0x0000000000000018 in ?? () #19 0x00000000003221c0 in ?? () #20 0x0000000000000018 in ?? () #21 0x00000000003421c0 in ?? () #22 0x0000000000000016 in ?? () #23 0x00000000003821c0 in ?? () #24 0x0000000000000015 in ?? () #25 0x00000000003d21c0 in ?? () #26 0x0000000000000018 in ?? () #27 0x00000000003e21c0 in ?? () #28 0x0000000000000018 in ?? () #29 0x00000000004021c0 in ?? () #30 0x0000000000000013 in ?? () #31 0x0000000000002ac0 in ?? () #32 0x0000000000000010 in ?? () #33 0x00000000000030c0 in ?? () #34 0x0000000000000014 in ?? () #35 0x00000000001030c0 in ?? () #36 0x0000000000000016 in ?? () ---Type <return> to continue, or q <return> to quit--- #37 0x00000000001430c0 in ?? () #38 0x0000000000000018 in ?? () #39 0x00000000001530c0 in ?? () #40 0x0000000000000018 in ?? () #41 0x00000000001830c0 in ?? () #42 0x0000000000000015 in ?? () #43 0x00000000000036c0 in ?? () #44 0x0000000000000014 in ?? () #45 0x00000000008036c0 in ?? () #46 0x0000000000000011 in ?? () #47 0x00000000001036c0 in ?? () #48 0x0000000000000015 in ?? () #49 0x00000000001836c0 in ?? () #50 0x0000000000000016 in ?? () #51 0x00000000001c36c0 in ?? () #52 0x0000000000000017 in ?? () #53 0x00000000001f36c0 in ?? () #54 0x0000000000000018 in ?? () #55 0x00000000002036c0 in ?? () #56 0x0000000000000013 in ?? () #57 0x00000000004036c0 in ?? () #58 0x0000000000000012 in ?? () #59 0x00000000000041c0 in ?? () #60 0x0000000000000010 in ?? () #61 0x0000000000004cc0 in ?? () #62 0x0000000000000010 in ?? () #63 0x00000000000b4fc0 in ?? () #64 0x0000000000000018 in ?? () #65 0x00000000001021c7 in ?? () #66 0x0000000000000015 in ?? () #67 0x0000000000ffafcd in ?? () #68 0x0000000000000018 in ?? () #69 0x00000000000002a4 in ?? () #70 0x00007fff1fb15120 in ?? () #71 0x00007fff1fb151e8 in ?? () #72 0x0000000000435011 in isakmp_handler () #73 0x000000000042f456 in session () ---Type <return> to continue, or q <return> to quit--- #74 0x000000000042ec27 in main () (gdb) (gdb) (gdb) (gdb) quit -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=339674#c9 --- Comment #9 from Li Bin <bili@novell.com> 2007-11-27 19:43:29 MST --- Created an attachment (id=185001) --> (https://bugzilla.novell.com/attachment.cgi?id=185001) nortel's debug version Hi, David. It would be good that rebuild the novell-ipsec-tools, now I can't find anything useful, and I upload the nortel plugin's so, you can untar it into /usr/lib/turnpike/plugins/ directory. And then try again, :), thanks! -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=339674 Li Bin <bili@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |NEEDINFO Info Provider| |david.mattes@boeing.com -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=339674#c10 --- Comment #10 from Li Bin <bili@novell.com> 2007-11-29 05:43:06 MST --- Hi, David. Any update? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=339674#c11 David Mattes <david.mattes@boeing.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |ASSIGNED Info Provider|david.mattes@boeing.com | --- Comment #11 from David Mattes <david.mattes@boeing.com> 2007-11-29 09:39:33 MST --- I ran a version of racoon with debugging symbols, but I am having problems with the nortel plugin you provided. I'm running x86_64 and in order to get the debug plugin to open, I had to run racoon with linux32. When I do this, I can't get racoon to crash, even though the behavior is the same - the VPN IP address is set to the split tunnel route that the plugin normally crashes on. So there's some strangeness going on that may need some more work to figure out what's happening. Anyway, here is some debug info when I don't run racoon with linux32. Unfortunately it crashes in a different place, when it starts the ISAKMP Phase 1 negotiation. about to call so: /usr/lib/turnpike/plugins/libnortel.so plugin name is :nortel Failed opening so:/usr/lib/turnpike/plugins/libnortel.so, dlopen returned error:/usr/lib/turnpike/plugins/libnortel.so: wrong ELF class: ELFCLASS32 Program received signal SIGHUP, Hangup. 0x00002acd629c3e87 in kill () from /lib64/libc.so.6 (gdb) cont Continuing. Program received signal SIGSEGV, Segmentation fault. isakmp_plist_set_all (plist=0x7fff4857e5a8, iph1=0x692ad0) at isakmp.c:2907 2907 tlen += ptr->payload->l + sizeof (struct isakmp_gen); (gdb) bt #0 isakmp_plist_set_all (plist=0x7fff4857e5a8, iph1=0x692ad0) at isakmp.c:2907 #1 0x000000000043a38b in agg_i1send (iph1=0x692ad0, msg=<value optimized out>) at isakmp_agg.c:318 #2 0x0000000000432c8c in isakmp_ph1begin_i (rmconf=<value optimized out>, remote=0x692a90, local=<value optimized out>) at isakmp.c:1046 #3 0x000000000044b56c in admin_handler () at admin.c:494 #4 0x000000000042f5e6 in session () at session.c:202 #5 0x000000000042ec27 in main (ac=4, av=0x7fff4857fdb8) at main.c:247 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=339674#c12 David Mattes <david.mattes@boeing.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |NEEDINFO Info Provider| |david.mattes@boeing.com --- Comment #12 from David Mattes <david.mattes@boeing.com> 2007-11-29 10:32:45 MST --- I tried on a 32-bit computer. I still couldn't get anything useful out of gdb. But the following did show up in the syslog just before racoon crashed. A3945578!mattes bugzilla> cat bug.txt Nov 29 09:28:07 e061240 racoon: DEBUG: ==> Enter cfgAckIPv4Callback... Nov 29 09:28:07 e061240 racoon: DEBUG: ASSIGNED IP ADDRESS IS 6047090 Nov 29 09:28:07 e061240 racoon: DEBUG: Acking INTERNAL IP Nov 29 09:28:07 e061240 racoon: DEBUG: Unexpected SET attribute 6 Nov 29 09:28:07 e061240 racoon: DEBUG: Unexpected SET attribute 16392 Nov 29 09:28:07 e061240 racoon: DEBUG: ==> Enter cfgAckKACallback... Nov 29 09:28:07 e061240 racoon: DEBUG: KA IN SECS IS 384 Nov 29 09:28:07 e061240 racoon: DEBUG: Acking KA Nov 29 09:28:07 e061240 racoon: DEBUG: Unexpected SET attribute 16394 Nov 29 09:28:07 e061240 racoon: DEBUG: ==> Enter cfgAckIPv4MaskCallback... Nov 29 09:28:07 e061240 racoon: DEBUG: Acking INTERNAL IP MASK Nov 29 09:28:07 e061240 racoon: DEBUG: ==> Enter cfgAckIPv4DnsCallback... Nov 29 09:28:07 e061240 racoon: DEBUG: Acking INTERNAL IP DNS Nov 29 09:28:07 e061240 racoon: DEBUG: ==> Enter cfgAckIPv4DnsCallback... Nov 29 09:28:07 e061240 racoon: DEBUG: Acking INTERNAL IP DNS Nov 29 09:28:07 e061240 racoon: DEBUG: Unexpected SET attribute 4 Nov 29 09:28:07 e061240 racoon: DEBUG: Unexpected SET attribute 4 Nov 29 09:28:07 e061240 racoon: DEBUG: ==> Enter cfgAckBifurcationCallback... What next? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=339674#c13 --- Comment #13 from Li Bin <bili@novell.com> 2007-12-03 03:43:26 MST --- Hi, David. In Comment #11 you said the racoon don't crash in 32-bit computer, so dis it crash just in sometimes or all the times in 32-bit computer? From this comment the racoon should be crash at cfgAckBifurcationCallback, which is the "split tunnel" function in plugin. But now I didn't know why? Maybe I'll add some more debug info and reply you later. (In reply to comment #12 from David Mattes)
I tried on a 32-bit computer. I still couldn't get anything useful out of gdb. But the following did show up in the syslog just before racoon crashed.
A3945578!mattes bugzilla> cat bug.txt Nov 29 09:28:07 e061240 racoon: DEBUG: ==> Enter cfgAckIPv4Callback... Nov 29 09:28:07 e061240 racoon: DEBUG: ASSIGNED IP ADDRESS IS 6047090 Nov 29 09:28:07 e061240 racoon: DEBUG: Acking INTERNAL IP Nov 29 09:28:07 e061240 racoon: DEBUG: Unexpected SET attribute 6 Nov 29 09:28:07 e061240 racoon: DEBUG: Unexpected SET attribute 16392 Nov 29 09:28:07 e061240 racoon: DEBUG: ==> Enter cfgAckKACallback... Nov 29 09:28:07 e061240 racoon: DEBUG: KA IN SECS IS 384 Nov 29 09:28:07 e061240 racoon: DEBUG: Acking KA Nov 29 09:28:07 e061240 racoon: DEBUG: Unexpected SET attribute 16394 Nov 29 09:28:07 e061240 racoon: DEBUG: ==> Enter cfgAckIPv4MaskCallback... Nov 29 09:28:07 e061240 racoon: DEBUG: Acking INTERNAL IP MASK Nov 29 09:28:07 e061240 racoon: DEBUG: ==> Enter cfgAckIPv4DnsCallback... Nov 29 09:28:07 e061240 racoon: DEBUG: Acking INTERNAL IP DNS Nov 29 09:28:07 e061240 racoon: DEBUG: ==> Enter cfgAckIPv4DnsCallback... Nov 29 09:28:07 e061240 racoon: DEBUG: Acking INTERNAL IP DNS Nov 29 09:28:07 e061240 racoon: DEBUG: Unexpected SET attribute 4 Nov 29 09:28:07 e061240 racoon: DEBUG: Unexpected SET attribute 4 Nov 29 09:28:07 e061240 racoon: DEBUG: ==> Enter cfgAckBifurcationCallback...
What next?
-- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=339674#c14 David Mattes <david.mattes@boeing.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |ASSIGNED Info Provider|david.mattes@boeing.com | --- Comment #14 from David Mattes <david.mattes@boeing.com> 2007-12-03 08:12:51 MST --- Just a little clarification. Racoon DOES crash on 32-bit computer, as detailed above. However, on x86_64, when running racoon with linux32 (use 32 bit mode instead of 64 bit), racoon did not crash. It was strange behavior. I could try to repeat and see what was going on with the racoon process. Let me know how you would like to proceed. Thanks! -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=339674 User bili@novell.com added comment https://bugzilla.novell.com/show_bug.cgi?id=339674#c15 Li Bin <bili@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |NEEDINFO Info Provider| |david.mattes@boeing.com --- Comment #15 from Li Bin <bili@novell.com> 2007-12-03 22:56:10 MST --- Hi, David. I've reviewed the code, and found the tunnel list max number is 20, so it's the reason for crash. Now I change the plugin's code and package in the x86_64 and i386 platform. So now you can get it from the attachments and try them all, if it's not crash on, I'll close this bug. If not, just give me the log. Thanks for your help! -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=339674 User bili@novell.com added comment https://bugzilla.novell.com/show_bug.cgi?id=339674#c16 --- Comment #16 from Li Bin <bili@novell.com> 2007-12-03 23:29:49 MST --- Created an attachment (id=185722) --> (https://bugzilla.novell.com/attachment.cgi?id=185722) the rpm for i586 platform If you can login novell's innerweb, you can download from here: http://w3.suse.de/~bili/novell-nortelplugins-0.1.2-6.18.i586.rpm -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=339674 User bili@novell.com added comment https://bugzilla.novell.com/show_bug.cgi?id=339674#c17 --- Comment #17 from Li Bin <bili@novell.com> 2007-12-04 00:40:02 MST --- Created an attachment (id=185731) --> (https://bugzilla.novell.com/attachment.cgi?id=185731) the rpm for x86_64 platform If you visit the novell's innerweb, you could download from here: http://w3.suse.de/~bili/novell-nortelplugins-0.1.2-6.18.x86_64.rpm -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=339674 User david.mattes@boeing.com added comment https://bugzilla.novell.com/show_bug.cgi?id=339674#c18 David Mattes <david.mattes@boeing.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |ASSIGNED Info Provider|david.mattes@boeing.com | --- Comment #18 from David Mattes <david.mattes@boeing.com> 2007-12-04 10:09:54 MST --- That did the trick for the split tunnel! Thanks! BTW, I have another VPN issue - you may want me to open another bug. It appeared with novell-ipsec-tools-0.6.3-26.14 (SLED10SP1) as a regression from novell-ipsec-tools-0.6.3-26.4 (SLED10). When I connect with 26.4 the relevant entries in syslog are: racoon: INFO: IPsec-SA established: ESP/Tunnel 10.0.0.1[0]->192.168.1.150[0] racoon: INFO: IPsec-SA established: ESP/Tunnel 192.168.1.150[0]->10.0.0.1[0] And the tunnel works fine. But when I connect with 26.14 these change to: racoon: INFO: IPsec-SA established: ESP/Tunnel 10.0.0.1[500]->192.168.1.150[500] racoon: INFO: IPsec-SA established: ESP/Tunnel 192.168.1.150[500]->10.0.0.1[500] And then I get a constant (~1/sec) stream of the following: racoon: DEBUG: KA: 192.168.1.150[500]->10.0.0.1[500] racoon: DEBUG: sockname 192.168.1.150[500] racoon: DEBUG: send packet from 192.168.1.150[500] racoon: DEBUG: send packet to 10.0.0.1[500] racoon: DEBUG: src4 192.168.1.150[500] racoon: DEBUG: dst4 10.0.0.1[500] racoon: DEBUG: 1 times of 1 bytes message will be sent to 10.0.0.1[500] racoon: DEBUG: ff The only difference I can see is the change from ip[0] to ip[500], going from version 26.4 to version 26.14. What is the [500], and why did that change between the two versions? Is this a config option? Thanks! -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=339674 User bili@novell.com added comment https://bugzilla.novell.com/show_bug.cgi?id=339674#c19 Li Bin <bili@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |NEEDINFO Info Provider| |ast@novell.com --- Comment #19 from Li Bin <bili@novell.com> 2007-12-04 19:07:01 MST --- Hi, David. It's a good idea for opening another bug. If you don't mind we'll discuss this problem after you open another bug. Thanks! And I'll submit this bug to QA(ast@novell.com) for updating the new version, then close it. (In reply to comment #18 from David Mattes)
That did the trick for the split tunnel! Thanks!
BTW, I have another VPN issue - you may want me to open another bug. It appeared with novell-ipsec-tools-0.6.3-26.14 (SLED10SP1) as a regression from novell-ipsec-tools-0.6.3-26.4 (SLED10). When I connect with 26.4 the relevant entries in syslog are: racoon: INFO: IPsec-SA established: ESP/Tunnel 10.0.0.1[0]->192.168.1.150[0] racoon: INFO: IPsec-SA established: ESP/Tunnel 192.168.1.150[0]->10.0.0.1[0]
And the tunnel works fine. But when I connect with 26.14 these change to: racoon: INFO: IPsec-SA established: ESP/Tunnel 10.0.0.1[500]->192.168.1.150[500] racoon: INFO: IPsec-SA established: ESP/Tunnel 192.168.1.150[500]->10.0.0.1[500]
And then I get a constant (~1/sec) stream of the following: racoon: DEBUG: KA: 192.168.1.150[500]->10.0.0.1[500] racoon: DEBUG: sockname 192.168.1.150[500] racoon: DEBUG: send packet from 192.168.1.150[500] racoon: DEBUG: send packet to 10.0.0.1[500] racoon: DEBUG: src4 192.168.1.150[500] racoon: DEBUG: dst4 10.0.0.1[500] racoon: DEBUG: 1 times of 1 bytes message will be sent to 10.0.0.1[500] racoon: DEBUG: ff
The only difference I can see is the change from ip[0] to ip[500], going from version 26.4 to version 26.14. What is the [500], and why did that change between the two versions? Is this a config option?
Thanks!
-- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=339674 User bili@novell.com added comment https://bugzilla.novell.com/show_bug.cgi?id=339674#c23 --- Comment #23 from Li Bin <bili@novell.com> 2007-12-09 18:38:54 MST --- Hi, Harald. Any Update? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=339674 User hmuelle@novell.com added comment https://bugzilla.novell.com/show_bug.cgi?id=339674#c24 Harald Mueller-Ney <hmuelle@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |hmuelle@novell.com Status|NEEDINFO |ASSIGNED Info Provider|hmuelle@novell.com | --- Comment #24 from Harald Mueller-Ney <hmuelle@novell.com> 2007-12-10 04:10:07 MST --- (In reply to comment #19 from Bin Li)
Hi, David. It's a good idea for opening another bug. If you don't mind we'll discuss this problem after you open another bug. Thanks! And I'll submit this bug to QA(ast@novell.com) for updating the new version, then close it.
What do you mean bei "updating the new version? Is your intention to ask for an maintenance update, we should release to all SLE10 customers? Looking at the bug, it sound reasonable, but we should fix the other issue first and release both packages fied in one update. Do we already have a bug for the other issue? We need to connect both bugs, this one blocks the other. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=339674 User bili@novell.com added comment https://bugzilla.novell.com/show_bug.cgi?id=339674#c25 Li Bin <bili@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |NEEDINFO Info Provider| |hmuelle@novell.com --- Comment #25 from Li Bin <bili@novell.com> 2007-12-10 18:47:54 MST --- Hi, Harald. (In reply to comment #24 from Harald Mueller-Ney)
What do you mean bei "updating the new version? I just wanna to know whether this fix need to merge the SLED10.
Is your intention to ask for an maintenance update, we should release to all SLE10 customers? Yes, it's my intention.
Looking at the bug, it sound reasonable, but we should fix the other issue first and release both packages fied in one update. Do we already have a bug for the other issue? We need to connect both bugs, this one blocks the other.
Yes, we already open a new bug #346211, https://bugzilla.novell.com/show_bug.cgi?id=346211 So we'll connect with you after the bug#346211 fixed? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=339674 User hmuelle@novell.com added comment https://bugzilla.novell.com/show_bug.cgi?id=339674#c26 Harald Mueller-Ney <hmuelle@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Blocks| |346211 Status|NEEDINFO |ASSIGNED Info Provider|hmuelle@novell.com | --- Comment #26 from Harald Mueller-Ney <hmuelle@novell.com> 2007-12-11 03:22:40 MST --- Exactly. Setting this one blocking 346211 (we need to release both together). It is fine to ask "maintenance" for an maintenance update in the other bug by setting needinfo to ast@novell.com but you should explicitely mention this bug so that whoever will answer for maintenance is aware that both fixes should be released together. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=339674 User bili@novell.com added comment https://bugzilla.novell.com/show_bug.cgi?id=339674#c27 --- Comment #27 from Li Bin <bili@novell.com> 2007-12-11 19:29:59 MST --- (In reply to comment #26 from Harald Mueller-Ney)
Exactly. Setting this one blocking 346211 (we need to release both together).
It is fine to ask "maintenance" for an maintenance update in the other bug by setting needinfo to ast@novell.com but you should explicitely mention this bug so that whoever will answer for maintenance is aware that both fixes should be released together.
Thanks! I got it. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=339674 User hmuelle@novell.com added comment https://bugzilla.novell.com/show_bug.cgi?id=339674#c29 Harald Mueller-Ney <hmuelle@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Keywords| |NTS_Public --- Comment #29 from Harald Mueller-Ney <hmuelle@novell.com> 2008-02-13 04:03:14 MST --- Use SWAMPID: 16307 for releasing a patch update for both bugs: 339674, 346211 All packages could go into one patchinfo. A patch update is solving one or more related issues. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=339674 User uwedr@novell.com added comment https://bugzilla.novell.com/show_bug.cgi?id=339674#c30 Uwe Drechsel <uwedr@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |uwedr@novell.com Info Provider|hmuelle@novell.com |david.mattes@boeing.com --- Comment #30 from Uwe Drechsel <uwedr@novell.com> 2008-02-13 04:42:07 MST --- openSUSE is not covered by L3 support, which is needed here. A fix is going to be released as Maintenance Update for SUSE Linux Enterprise Desktop. I assume you need the fix for SLED, right? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=339674 User bili@novell.com added comment https://bugzilla.novell.com/show_bug.cgi?id=339674#c31 --- Comment #31 from Li Bin <bili@novell.com> 2008-02-14 01:35:45 MST --- (In reply to comment #30 from Uwe Drechsel)
openSUSE is not covered by L3 support, which is needed here. A fix is going to be released as Maintenance Update for SUSE Linux Enterprise Desktop.
I assume you need the fix for SLED, right?
Yes, and also I've submit the new package to STABLE for next release for OpenSUSE 11 and SLED10 SP2. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=339674 User bili@novell.com added comment https://bugzilla.novell.com/show_bug.cgi?id=339674#c32 Li Bin <bili@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |RESOLVED Info Provider|david.mattes@boeing.com | Resolution| |FIXED --- Comment #32 from Li Bin <bili@novell.com> 2008-02-15 01:05:26 MST --- ->Fixed. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=339674 User ast@novell.com added comment https://bugzilla.novell.com/show_bug.cgi?id=339674#c34 --- Comment #34 from Anja Stock <ast@novell.com> 2008-08-01 09:22:47 MDT --- released -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@novell.com