Bug#449512: marked as done (openswan: defaultroute with PPP does not work)

Sun, 20 Jan 2008 05:10:52 -0800 

Your message dated Sun, 20 Jan 2008 13:02:04 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#449512: fixed in openswan 1:2.4.9+dfsg-3
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message --- 
Package: openswan
Version: 1:2.4.9+dfsg-1
Severity: serious

After upgrading to this version from 2.4.8, my tunnels no longer work. At 
startup I get (slightly anonymised):

Nov  5 20:10:46 melech ipsec_setup: NETKEY on ppp0 
83.188.xxx.yyy/255.255.255.255 pointopoint 10.64.64.64
Nov  5 20:10:46 melech ipsec_setup: ...Openswan IPsec started
Nov  5 20:10:46 melech ipsec_setup: Starting Openswan IPsec 2.4.9...
Nov  5 20:10:46 melech ipsec__plutorun: ipsec_auto: fatal error in "home": 
%defaultroute requested but not known
Nov  5 20:10:46 melech ipsec__plutorun: ipsec_auto: fatal error in "dac": 
%defaultroute requested but not known

After downgrading to 1:2.4.8-dfsg-1 it works again. I have a ppp setup:

~$ ip route
10.64.64.64 dev ppp0  proto kernel  scope link  src 83.178.xxx.yyy
172.16.10.0/24 dev ppp0  scope link  src 172.16.10.240
default dev ppp0  scope link


/etc/ipsec.conf (slightly anonymised):

version 2

# basic configuration
config setup
    interfaces="%defaultroute"
    nat_traversal=yes
    plutowait=yes

conn %default
    authby=rsasig
    rightrsasigkey=%cert
    rightca="C=SE, L=...stuff removed..."
    left=%defaultroute
    dpddelay=30
    leftcert=host.pem

conn home
    leftsubnet=192.168.100.4/32
    leftsourceip=192.168.100.4
    right=home-gw.example.se
    rightid="C=SE, O=...stuff removed..."
    rightsubnet=192.168.100.0/24
    dpdaction=restart
    auto=add

conn dac
    leftsubnet=172.16.10.240/32
    leftsourceip=172.16.10.240
    right=gw.example.com
    rightsubnet=172.16.10.0/24
    [EMAIL PROTECTED]
    dpdaction=restart
    auto=add

#Disable Opportunistic Encryption
include /etc/ipsec.d/examples/no_oe.conf

# end of ipsec.conf



-- System Information:
Debian Release: lenny/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable'), (500, 'stable'), (1, 
'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.24-rc1-melech (SMP w/2 CPU cores; PREEMPT)
Locale: LANG=sv_SE.UTF-8, LC_CTYPE=sv_SE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages openswan depends on:
ii  bind9-host [host]       1:9.4.1-P1-3     Version of 'host' bundled with BIN
ii  bsdmainutils            6.1.7            collection of more utilities from 
ii  debconf [debconf-2.0]   1.5.14           Debian configuration management sy
ii  debianutils             2.25.1           Miscellaneous utilities specific t
ii  iproute                 20070313-1       Professional tools to control the 
ii  ipsec-tools             1:0.6.7-1.1      IPsec tools for Linux
ii  libc6                   2.6.1-1          GNU C Library: Shared libraries
ii  libcurl3                7.17.0-1         Multi-protocol file transfer libra
ii  libgmp3c2               2:4.2.2+dfsg-1   Multiprecision arithmetic library
ii  libldap2                2.1.30.dfsg-13.5 OpenLDAP libraries
ii  libpam0g                0.99.7.1-5       Pluggable Authentication Modules l
ii  libssl0.9.8             0.9.8g-1         SSL shared libraries
ii  openssl                 0.9.8g-1         Secure Socket Layer (SSL) binary a

openswan recommends no packages.

-- debconf information:
  openswan/existing_x509_key_filename:
  openswan/x509_state_name:
  openswan/rsa_key_length: 2048
* openswan/restart: false
* openswan/start_level: "after PCMCIA"
* openswan/enable-oe: false
  openswan/existing_x509_certificate: false
  openswan/existing_x509_certificate_filename:
* openswan/create_rsa_key: false
  openswan/x509_email_address:
  openswan/x509_country_code: AT
  openswan/x509_self_signed: true
  openswan/x509_organizational_unit:
  openswan/x509_locality_name:
  openswan/x509_common_name:
  openswan/rsa_key_type: x509
  openswan/x509_organization_name:

--- End Message ---
--- Begin Message --- 
Source: openswan
Source-Version: 1:2.4.9+dfsg-3

We believe that the bug you reported is fixed in the latest version of
openswan, which is due to be installed in the Debian FTP archive:

linux-patch-openswan_2.4.9+dfsg-3_all.deb
  to pool/main/o/openswan/linux-patch-openswan_2.4.9+dfsg-3_all.deb
openswan-modules-source_2.4.9+dfsg-3_all.deb
  to pool/main/o/openswan/openswan-modules-source_2.4.9+dfsg-3_all.deb
openswan_2.4.9+dfsg-3.diff.gz
  to pool/main/o/openswan/openswan_2.4.9+dfsg-3.diff.gz
openswan_2.4.9+dfsg-3.dsc
  to pool/main/o/openswan/openswan_2.4.9+dfsg-3.dsc
openswan_2.4.9+dfsg-3_i386.deb
  to pool/main/o/openswan/openswan_2.4.9+dfsg-3_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Rene Mayrhofer <[EMAIL PROTECTED]> (supplier of updated openswan package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Sun, 20 Jan 2008 13:36:50 +0100
Source: openswan
Binary: linux-patch-openswan openswan-modules-source openswan
Architecture: source all i386
Version: 1:2.4.9+dfsg-3
Distribution: unstable
Urgency: low
Maintainer: Rene Mayrhofer <[EMAIL PROTECTED]>
Changed-By: Rene Mayrhofer <[EMAIL PROTECTED]>
Description: 
 linux-patch-openswan - IPSEC Linux kernel support for Openswan
 openswan   - IPSEC utilities for Openswan
 openswan-modules-source - IPSEC kernel modules source for Openswan
Closes: 449512
Changes: 
 openswan (1:2.4.9+dfsg-3) unstable; urgency=low
 .
   * Include upstream patch to make %defaultroute work with PPP uplinks
     in certain cases.
     Closes: #449512: openswan: defaultroute with PPP does not work
Files: 
 802695292f20e9391180e35b745af57e 857 net optional openswan_2.4.9+dfsg-3.dsc
 2df895aa69315c40cea740dc8288b279 87746 net optional 
openswan_2.4.9+dfsg-3.diff.gz
 3c530a163956da3a040defba3ecbd85f 527736 net optional 
openswan-modules-source_2.4.9+dfsg-3_all.deb
 2a78bd9656936352531949022f8840ae 605254 net optional 
linux-patch-openswan_2.4.9+dfsg-3_all.deb
 76cab2af1e29b3444fc41e62643a4c73 1787702 net optional 
openswan_2.4.9+dfsg-3_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFHk0SJq7SPDcPCS94RAsXKAKD93q6KP+lzRT31O6tlcC4NL8tkfQCg6Z4r
NTftBPlRn18E1rgDf6MCxqo=
=+0jx
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to