| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 17 Nov 2017 11:03:46 +0100
From: Steffen Klassert <steffen.klassert@...unet.com>
To: Kevin Locke <kevin@...inlocke.name>, <netdev@...r.kernel.org>
Subject: Re: Bisected 4.14 Regression: IPsec transport mode breakage
On Wed, Nov 15, 2017 at 09:46:19AM -0700, Kevin Locke wrote:
> Hi all,
>
> I am using an L2TP/IPsec (transport mode) VPN connection from a client
> behind a NAT running Debian with strongswan 5.6.0-2 and xl2tpd
> 1.3.10-1 to a Cisco Meraki MX60 with a public IP. The connection
> works with kernel 4.13 but not with kernel 4.14. With 4.14 the IPsec
> connection appears to be established correctly but xl2tpd is unable to
> establish the L2TP connection. The relevant error from syslog is:
>
> charon: 09[KNL] creating acquire job for policy 192.168.21.10/32[udp/l2f] === X.X.X.X/32[udp/l2f] with reqid {1}
> charon: 12[CFG] trap not found, unable to acquire reqid 1
>
> I have bisected the issue to commit c9f3f813d462. I have attached the
> client ipsec.conf as well as the syslog during the connection attempt
> for both c9f3f813d462 (bad) and cf3796675174 (good). Meraki IPs have
> been redacted to protect the innocent.
>
> I'd appreciate any assistance in fixing the issue. Let me know if
> there's anything else I can do to help troubleshoot or test.
The offending commit is already reverted in the 'net' tree
and will be available in mainline soon.
Thanks for the report!
Powered by blists - more mailing lists