[Bug 731547] New: It's impossible to establish ipsec connection in transport mode through router.
https://bugzilla.novell.com/show_bug.cgi?id=731547#c0

Summary: It's impossible to establish ipsec connection in transport mode through router.
Classification: openSUSE
Product: openSUSE 11.3
Version: Final
Platform: Other
OS/Version: openSUSE 11.3
Status: NEW
Severity: Enhancement
Priority: P5 - None
Component: Network
AssignedTo: bnc-team-screening@forge.provo.novell.com
ReportedBy: raiderx@yandex.ru
QAContact: qa@suse.de
Found By: ---
Blocker: ---

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/535.2 (KHTML, like Gecko) Chrome/15.0.874.106 Safari/535.2

When I connect to the VPN gateway I see in the log:

003 "l2tp-psk-client" #2: NAT-Traversal: Transport Mode not allowed due to security concerns -- using Tunnel mode
003 "l2tp-psk-client" #2: NAT-Traversal: Transport Mode not allowed due to security concerns -- using Tunnel mode

This problem is described in the strongSwan FAQ: http://wiki.strongswan.org/projects/strongswan/wiki/FAQ

The strongSwan package was built without the option --enable-nat-transport. I rebuilt strongSwan with this option enabled and established a connection through my router successfully.

Is it possible to add this option to the spec file in the rpm source package and build strongSwan with the new spec file? This package was built without that option enabled in openSUSE 12.1 also.

Reproducible: Always

--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=731547

Z1kk0 Z1kk0 <4Z1kk0@gmail.com> changed:

What             |Removed        |Added
----------------------------------------------------------------------------
Priority         |P5 - None      |P2 - High
Keywords         |               |build
Component        |Network        |Network
CC               |               |4Z1kk0@gmail.com
Target Milestone |---            |Final
Product          |openSUSE 11.3  |openSUSE 12.1
Severity         |Enhancement    |Major
OS/Version       |openSUSE 11.3  |All

https://bugzilla.novell.com/show_bug.cgi?id=731547#c1

--- Comment #1 from Z1kk0 Z1kk0 <4Z1kk0@gmail.com> 2011-11-19 22:55:49 UTC ---

I have this problem too. The option --enable-nat-transport is needed because of xl2tpd to enable vpn (l2tp protocol) over ipsec.

https://bugzilla.novell.com/show_bug.cgi?id=731547

Andreas Jaeger <aj@suse.com> changed:

What       |Removed                                    |Added
----------------------------------------------------------------------------
AssignedTo |bnc-team-screening@forge.provo.novell.com  |mt@suse.com

https://bugzilla.novell.com/show_bug.cgi?id=731547#c2

Marius Tomaschewski <mt@suse.com> changed:

What       |Removed  |Added
----------------------------------------------------------------------------
Status     |NEW      |RESOLVED
Resolution |         |DUPLICATE

--- Comment #2 from Marius Tomaschewski <mt@suse.com> 2011-11-21 11:47:39 UTC ---

No, we don't want to enable it -- transport mode is disabled due to security concerns as the message shows.

At least the Windows XP L2TP client can be configured to use tunnel mode instead of its default transport mode.

When you really want to enable this option, you can use e.g. https://build.opensuse.org/ to link the package from ...:Update project into e.g. your home project, enable this option, add the resulting repository as installation/update source using 'zypper ar'.

*** This bug has been marked as a duplicate of bug 582151 ***
http://bugzilla.novell.com/show_bug.cgi?id=582151

https://bugzilla.novell.com/show_bug.cgi?id=731547#c3

--- Comment #3 from Z1kk0 Z1kk0 <4Z1kk0@gmail.com> 2011-11-21 20:38:56 UTC ---

"due to security": only the user will decide whether it is secure or not, because this is only an option that can be disabled (and it is by default), but the user should not have to repackage the package into the distro because of one option.

https://bugzilla.novell.com/show_bug.cgi?id=731547#c4

--- Comment #4 from Z1kk0 Z1kk0 <4Z1kk0@gmail.com> 2011-11-21 20:43:01 UTC ---

And as I described above, the reason is not only in Windows: xl2tpd DOES NOT want to work over ipsec in tunnel mode, ONLY in transport. And if I want to use it over ipsec, how can I do this? Or can you advise something else?