Message-ID: <20171115164619.jm45l5n3pbuabu5q@kevinolos>
Date:   Wed, 15 Nov 2017 09:46:19 -0700
From:   Kevin Locke <kevin@...inlocke.name>
To:     netdev@...r.kernel.org
Cc:     Steffen Klassert <steffen.klassert@...unet.com>
Subject: Bisected 4.14 Regression: IPsec transport mode breakage

Hi all,

I am using an L2TP/IPsec (transport mode) VPN connection from a client
behind a NAT running Debian with strongswan 5.6.0-2 and xl2tpd
1.3.10-1 to a Cisco Meraki MX60 with a public IP.  The connection
works with kernel 4.13 but not with kernel 4.14.  With 4.14 the IPsec
connection appears to be established correctly but xl2tpd is unable to
establish the L2TP connection.  The relevant error from syslog is:

charon: 09[KNL] creating acquire job for policy 192.168.21.10/32[udp/l2f] === X.X.X.X/32[udp/l2f] with reqid {1}
charon: 12[CFG] trap not found, unable to acquire reqid 1

I have bisected the issue to commit c9f3f813d462.  I have attached the
client ipsec.conf as well as the syslog during the connection attempt
for both c9f3f813d462 (bad) and cf3796675174 (good).  Meraki IPs have
been redacted to protect the innocent.

I'd appreciate any assistance in fixing the issue.  Let me know if
there's anything else I can do to help troubleshoot or test.

P.S.  Please CC me, as I am not subscribed to netdev@.  Thanks!

-- 
Thanks,      |  kevin@...inlocke.name    | XMPP: kevin@...inlocke.name
Kevin        |  https://kevinlocke.name  | IRC:   kevinoid on freenode

View attachment "ipsec.conf" of type "text/plain" (462 bytes)

View attachment "c9f3f813d462-bad.syslog" of type "text/plain" (13133 bytes)

View attachment "cf3796675174-good.syslog" of type "text/plain" (18687 bytes)
