Bug#730313: marked as done (racoon and ipcomp not working for small packets)

Sat, 27 Jul 2019 11:27:44 -0700 

Your message dated Sat, 27 Jul 2019 18:25:41 +0000
with message-id <[email protected]>
and subject line Bug#932144: Removed package(s) from unstable
has caused the Debian Bug report #730313,
regarding racoon and ipcomp not working for small packets
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
730313: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=730313
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message --- 
Package: racoon
Version: 1:0.8.0-14
Severity: important

When enabling ipcomp with the following configuration in
/etc/ipsec-tools.conf:
spdadd 192.168.5.95 192.168.5.94 any -P out ipsec
        ipcomp/transport//use
        esp/transport//require
        ah/transport//require;
spdadd 192.168.5.95 192.168.5.94 any -P in ipsec
        ipcomp/transport//use
        esp/transport//require
        ah/transport//require;

Now when executing the following line:
root@ipsec1:~# ping -c 4 192.168.5.95
PING 192.168.5.95 (192.168.5.95) 56(84) bytes of data.
^C
--- 192.168.5.95 ping statistics ---
4 packets transmitted, 0 received, 100% packet loss, time 3000ms

Now increasing the size of the ping packet:
root@ipsec1:~# ping -c 4 -s 300 192.168.5.95
PING 192.168.5.95 (192.168.5.95) 300(328) bytes of data.
308 bytes from 192.168.5.95: icmp_req=1 ttl=64 time=0.955 ms
308 bytes from 192.168.5.95: icmp_req=2 ttl=64 time=1.10 ms
308 bytes from 192.168.5.95: icmp_req=3 ttl=64 time=0.916 ms
308 bytes from 192.168.5.95: icmp_req=4 ttl=64 time=0.925 ms

--- 192.168.5.95 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3007ms
rtt min/avg/max/mdev = 0.916/0.976/1.108/0.077 ms

I have also tested this without racoon, by putting the ah, esp and
ipcomp information in /etc/ipsec-tools.conf, then I am able to ping also
with small packets.

Looking at tcpdump, I see that for small packets no compression is
applied, that's ok according to bug #301466. I do not understand why the
traffic isn't sent back.

If you need more information, please ask.

racoon.conf
# Also read the Linux IPSEC Howto up at
# http://www.ipsec-howto.org/t1.html
log info;
path certificate "/etc/racoon/certs";

remote 192.168.5.95 {

        # Passive off, we will connect automatically
        passive off;

        # Allow only main mode
        exchange_mode main;

        # Verification (using x509 certificates)
        my_identifier asn1dn;
        peers_identifier asn1dn;
        verify_identifier on;
        verify_cert on;
        ca_type x509 "cacert.pem";
        certificate_type x509 "client.crt" "client.key";

        # Settings
        ike_frag on;
        nat_traversal off;
        generate_policy on;
        dpd_delay 10; # dead peer detection

        # Proposal
        proposal {
                encryption_algorithm aes 256;
                hash_algorithm sha1;
                authentication_method rsasig;
                dh_group 5;
        }
}

sainfo anonymous {
        encryption_algorithm aes 256;
        authentication_algorithm hmac_sha1;
        compression_algorithm deflate;
}

-- System Information:
Debian Release: jessie/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.11-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages racoon depends on:
ii  adduser                3.113+nmu3
ii  debconf [debconf-2.0]  1.5.52
ii  ipsec-tools            1:0.8.0-14
ii  libc6                  2.17-96
ii  libcomerr2             1.42.8-1
ii  libgssapi-krb5-2       1.11.3+dfsg-3
ii  libk5crypto3           1.11.3+dfsg-3
ii  libkrb5-3              1.11.3+dfsg-3
ii  libldap-2.4-2          2.4.31-1+nmu2+b1
ii  libpam0g               1.1.3-10
ii  libssl1.0.0            1.0.1e-4
ii  perl                   5.18.1-4

racoon recommends no packages.

racoon suggests no packages.

-- Configuration Files:
/etc/racoon/psk.txt [Errno 13] Permission denied: u'/etc/racoon/psk.txt'
/etc/racoon/racoon.conf changed [not included]

-- debconf information:
* racoon/config_mode: direct

--- End Message ---
--- Begin Message --- 
Version: 1:0.8.2+20140711-12+rm

Dear submitter,

as the package ipsec-tools has just been removed from the Debian archive
unstable we hereby close the associated bug reports.  We are sorry
that we couldn't deal with your issue properly.

For details on the removal, please see https://bugs.debian.org/932144

The version of this package that was in Debian prior to this removal
can still be found using http://snapshot.debian.org/.

This message was generated automatically; if you believe that there is
a problem with it please contact the archive administrators by mailing
[email protected].

Debian distribution maintenance software
pp.
Scott Kitterman (the ftpmaster behind the curtain)

--- End Message ---

Reply via email to