[Group.of.nepali.translators] [Bug 1734207] Re: Multiple PSKs with dyndns left/rightids doesn't work
This bug was fixed in the package strongswan - 5.3.5-1ubuntu3.5

---
strongswan (5.3.5-1ubuntu3.5) xenial; urgency=medium

  * d/p/ikev1-First-do-PSK-lookups-lp1734207.patch ensure evaluation with
    resolvable hostnames selects the right PSK (LP: #1734207).

 -- Christian Ehrhardt  Mon, 18 Dec 2017 11:22:24 +0100

** Changed in: strongswan (Ubuntu Xenial)
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1734207

Title:
  Multiple PSKs with dyndns left/rightids doesn't work

Status in strongswan package in Ubuntu:
  Fix Released
Status in strongswan source package in Xenial:
  Fix Released
Status in strongswan source package in Zesty:
  Fix Released
Status in strongswan source package in Artful:
  Fix Released

Bug description:
  [Impact]

   * charon unnecessarily selects a wrong PSK in some cases:
     * A site-to-site connection using resolvable hostnames (e.g., DynDNS)
       as identities in /etc/ipsec.secrets and a Roadwarrior connection
       (using %any as remote peer identity)
     * Multiple site-to-site connections using resolvable hostnames as
       identities

   * Fix is a backport from upstream in since 5.5.2

  [Test Case]

   * There are detailed steps on how to configure for this case on
     https://wiki.strongswan.org/issues/2223

  [Regression Potential]

   * It is known (see discussion in upstream bug) that this can slightly
     increase the connection setup as it adds a DNS query. But un-breaking
     the covered use cases was considered worth to do so upstream, and so
     should we.

   * By changing the IKEv1 PSK codepath is the only changed path, so this
     is the area where unexpected regressions could occur. None of the
     testing found some so far and since upstream didn't change it for a
     while it seems safe to me.

  [Other Info]

   * n/a

  ---

  See: https://wiki.strongswan.org/issues/2223

  There is a chance to get a backport into xenial?

  It's fixed in the upstream version 5.5.2

  # apt-cache policy strongswan
  strongswan:
    Installed: 5.3.5-1ubuntu3.4
    Candidate: 5.3.5-1ubuntu3.4

  # lsb_release -rd
  Description:    Ubuntu 16.04.3 LTS
  Release:        16.04

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/strongswan/+bug/1734207/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to     : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp
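An added example, not part of the bug report or of strongSwan: a small audit that flags the two /etc/ipsec.secrets layouts named under [Impact] and checks an installed package version against the fixed versions listed in these notifications. Function names, sample hostnames and secrets are constructed; it assumes entries are written as `selectors : PSK "secret"` with whitespace around the colon, and it does not check whether the connections actually use IKEv1.

```python
import ipaddress
import re

# Fixed package versions per Ubuntu series, as listed in the notifications above.
FIXED = {"xenial": "5.3.5-1ubuntu3.5", "zesty": "5.5.1-1ubuntu3.3",
         "artful": "5.5.1-4ubuntu2.2"}
PSK_SEP = re.compile(r"(?:^|\s):\s+PSK\s", re.IGNORECASE)

SAMPLE = """\
# constructed sample secrets file, not taken from the bug report
site-a.dyndns.example site-b.dyndns.example : PSK "constructed-secret-1"
site-a.dyndns.example site-c.dyndns.example : PSK "constructed-secret-2"
%any : PSK "constructed-roadwarrior-secret"
"""

def classify(selector):
    if selector in ("%any", "%any6"):
        return "wildcard"
    if "@" in selector:  # @fqdn and user@fqdn are literal IDs, never resolved
        return "literal-id"
    try:
        ipaddress.ip_address(selector)
        return "ip"
    except ValueError:
        return "hostname"  # plain name: resolved via DNS

def psk_entries(text):
    entries = []
    for line in text.splitlines():
        m = PSK_SEP.search(line)
        if m and not line.lstrip().startswith("#"):
            kinds = {classify(s) for s in line[:m.start()].split()}
            entries.append(kinds or {"wildcard"})  # no selector matches any peer
    return entries

def affected_layouts(text):
    entries = psk_entries(text)
    hosts = sum("hostname" in kinds for kinds in entries)
    wild = sum("wildcard" in kinds for kinds in entries)
    found = []
    if hosts and wild:
        found.append("hostname PSK plus %any PSK")
    if hosts > 1:
        found.append("multiple hostname PSKs")
    return found

def needs_update(series, installed):
    # Simplified: compares numeric fields only, not full Debian version ordering.
    nums = lambda v: [int(n) for n in re.findall(r"\d+", v)]
    return nums(installed) < nums(FIXED[series])
```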
[Group.of.nepali.translators] [Bug 1734207] Re: Multiple PSKs with dyndns left/rightids doesn't work
This bug was fixed in the package strongswan - 5.5.1-4ubuntu2.2

---
strongswan (5.5.1-4ubuntu2.2) artful; urgency=medium

  * d/p/ikev1-First-do-PSK-lookups-lp1734207.patch ensure evaluation with
    resolvable hostnames selects the right PSK (LP: #1734207).

 -- Christian Ehrhardt  Mon, 18 Dec 2017 11:05:57 +0100

** Changed in: strongswan (Ubuntu Artful)
       Status: Fix Committed => Fix Released

https://bugs.launchpad.net/bugs/1734207

Title:
  Multiple PSKs with dyndns left/rightids doesn't work

Status in strongswan package in Ubuntu:
  Fix Released
Status in strongswan source package in Xenial:
  Fix Committed
Status in strongswan source package in Zesty:
  Fix Released
Status in strongswan source package in Artful:
  Fix Released
[Group.of.nepali.translators] [Bug 1734207] Re: Multiple PSKs with dyndns left/rightids doesn't work
This bug was fixed in the package strongswan - 5.5.1-1ubuntu3.3

---
strongswan (5.5.1-1ubuntu3.3) zesty; urgency=medium

  * d/p/ikev1-First-do-PSK-lookups-lp1734207.patch ensure evaluation with
    resolvable hostnames selects the right PSK (LP: #1734207).

 -- Christian Ehrhardt  Mon, 18 Dec 2017 11:13:53 +0100

** Changed in: strongswan (Ubuntu Zesty)
       Status: Fix Committed => Fix Released

https://bugs.launchpad.net/bugs/1734207

Title:
  Multiple PSKs with dyndns left/rightids doesn't work

Status in strongswan package in Ubuntu:
  Fix Released
Status in strongswan source package in Xenial:
  Fix Committed
Status in strongswan source package in Zesty:
  Fix Released
Status in strongswan source package in Artful:
  Fix Released