Package: openswan
Version: 1:2.4.9+dfsg-1
Severity: serious
After upgrading to this version from 2.4.8, my tunnels no longer work. At
startup I get (slightly anonymised):
Nov 5 20:10:46 melech ipsec_setup: NETKEY on ppp0
83.188.xxx.yyy/255.255.255.255 pointopoint 10.64.64.64
Nov 5 20:10:46 melech ipsec_setup: ...Openswan IPsec started
Nov 5 20:10:46 melech ipsec_setup: Starting Openswan IPsec 2.4.9...
Nov 5 20:10:46 melech ipsec__plutorun: ipsec_auto: fatal error in "home":
%defaultroute requested but not known
Nov 5 20:10:46 melech ipsec__plutorun: ipsec_auto: fatal error in "dac":
%defaultroute requested but not known
After downgrading to 1:2.4.8-dfsg-1 it works again. I have a ppp setup:
~$ ip route
10.64.64.64 dev ppp0 proto kernel scope link src 83.178.xxx.yyy
172.16.10.0/24 dev ppp0 scope link src 172.16.10.240
default dev ppp0 scope link
/etc/ipsec.conf (slightly anonymised):
version 2
# basic configuration
config setup
interfaces="%defaultroute"
nat_traversal=yes
plutowait=yes
conn %default
authby=rsasig
rightrsasigkey=%cert
rightca="C=SE, L=...stuff removed..."
left=%defaultroute
dpddelay=30
leftcert=host.pem
conn home
leftsubnet=192.168.100.4/32
leftsourceip=192.168.100.4
right=home-gw.example.se
rightid="C=SE, O=...stuff removed..."
rightsubnet=192.168.100.0/24
dpdaction=restart
auto=add
conn dac
leftsubnet=172.16.10.240/32
leftsourceip=172.16.10.240
right=gw.example.com
rightsubnet=172.16.10.0/24
[EMAIL PROTECTED]
dpdaction=restart
auto=add
#Disable Opportunistic Encryption
include /etc/ipsec.d/examples/no_oe.conf
# end of ipsec.conf
-- System Information:
Debian Release: lenny/sid
APT prefers testing
APT policy: (990, 'testing'), (500, 'unstable'), (500, 'stable'), (1,
'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.24-rc1-melech (SMP w/2 CPU cores; PREEMPT)
Locale: LANG=sv_SE.UTF-8, LC_CTYPE=sv_SE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages openswan depends on:
ii bind9-host [host] 1:9.4.1-P1-3 Version of 'host' bundled with BIN
ii bsdmainutils 6.1.7 collection of more utilities from
ii debconf [debconf-2.0] 1.5.14 Debian configuration management sy
ii debianutils 2.25.1 Miscellaneous utilities specific t
ii iproute 20070313-1 Professional tools to control the
ii ipsec-tools 1:0.6.7-1.1 IPsec tools for Linux
ii libc6 2.6.1-1 GNU C Library: Shared libraries
ii libcurl3 7.17.0-1 Multi-protocol file transfer libra
ii libgmp3c2 2:4.2.2+dfsg-1 Multiprecision arithmetic library
ii libldap2 2.1.30.dfsg-13.5 OpenLDAP libraries
ii libpam0g 0.99.7.1-5 Pluggable Authentication Modules l
ii libssl0.9.8 0.9.8g-1 SSL shared libraries
ii openssl 0.9.8g-1 Secure Socket Layer (SSL) binary a
openswan recommends no packages.
-- debconf information:
openswan/existing_x509_key_filename:
openswan/x509_state_name:
openswan/rsa_key_length: 2048
* openswan/restart: false
* openswan/start_level: "after PCMCIA"
* openswan/enable-oe: false
openswan/existing_x509_certificate: false
openswan/existing_x509_certificate_filename:
* openswan/create_rsa_key: false
openswan/x509_email_address:
openswan/x509_country_code: AT
openswan/x509_self_signed: true
openswan/x509_organizational_unit:
openswan/x509_locality_name:
openswan/x509_common_name:
openswan/rsa_key_type: x509
openswan/x509_organization_name:
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
