Package: strongswan-ikev1 Version: 4.4.1-5.1 Severity: normal Tags: patch upstream
In Strongswan version 4.4.1 as shipped in stable there is a known bug which prevents a virtual ip assigned via mode config to be released if the XAUTH name send from the peer does not match the peers id. Clients which offer no control over which peer id is send or extract it from the certificates subject will not be able to aquire a virtual ip after their first disconnect. One particular example of this peer behaviour are iphones. For theses clients the current strongswan-ikev1 package is not usable with the xauthrsasig method. Upstream has a patch for this at http://git.strongswan.org/?p=strongswan.git;h=2b3124c76d3897bccb4aa616fca1f7393f1b284e The patch applies cleanly to the debian source package and solves the problem described. -- System Information: Debian Release: 6.0 APT prefers squeeze-updates APT policy: (500, 'squeeze-updates'), (500, 'stable') Architecture: i386 (i686) Kernel: Linux 2.6.32-5-686 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages strongswan-ikev1 depends on: ii bind9-host [host] 1:9.7.2.dfsg.P3-1.1 Version of 'host' bundled with BIN ii bsdmainutils 8.0.13 collection of more utilities from ii debconf [debconf-2.0 1.5.36.1 Debian configuration management sy ii debianutils 3.4 Miscellaneous utilities specific t ii iproute 20100519-3 networking and traffic control too ii ipsec-tools 1:0.7.3-12 IPsec tools for Linux ii libc6 2.11.2-10 Embedded GNU C Library: Shared lib ii libcap2 1:2.19-3 support for getting/setting POSIX. ii libstrongswan 4.4.1-5.1 strongSwan utility and crypto libr ii strongswan-starter 4.4.1-5.1 strongSwan daemon starter and conf strongswan-ikev1 recommends no packages. Versions of packages strongswan-ikev1 suggests: pn curl <none> (no description available) -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org