This bug was fixed in the package strongswan - 5.3.5-1ubuntu3.5
---
strongswan (5.3.5-1ubuntu3.5) xenial; urgency=medium
* d/p/ikev1-First-do-PSK-lookups-lp1734207.patch ensure evaluation
with resolvable hostnames selects the right PSK (LP: #1734207).
-- Christian Ehrhardt
This bug was fixed in the package strongswan - 5.5.1-4ubuntu2.2
---
strongswan (5.5.1-4ubuntu2.2) artful; urgency=medium
* d/p/ikev1-First-do-PSK-lookups-lp1734207.patch ensure evaluation
with resolvable hostnames selects the right PSK (LP: #1734207).
-- Christian Ehrhardt
This bug was fixed in the package strongswan - 5.5.1-1ubuntu3.3
---
strongswan (5.5.1-1ubuntu3.3) zesty; urgency=medium
* d/p/ikev1-First-do-PSK-lookups-lp1734207.patch ensure evaluation
with resolvable hostnames selects the right PSK (LP: #1734207).
-- Christian Ehrhardt
Thanks for the extra general regression check Simon!
And also for the documentation of the detailed tests you did.
I used that to test Artful and Zesty as well.
Files as outlined by Simon Deziel, just in my case IPs different.
Note: needs hosts file on east and west.
zesty
169.254.6.1 =>
Hi,
I had to changed my setup to workaround this issue, I'm unable to test
it at this time now.
Sorry.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1734207
Title:
Multiple PSKs with dyndns
I've tested two other scenarios (always on Xenial):
1) IKEv1+XAUTH PSK
2) IKEv2+EAP MSCHAPv2
and both worked so no regression there.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1734207
Title:
Verified with 5.3.5-1ubuntu3.5 on Xenial. Here is the testing procedure
with east01 as the roadwarrior with IP 169.254.6.1 (foo.bar.org) and
west01 as the concentrator with IP 169.254.6.2.
west01:
root@west01:~# grep foo /etc/hosts
169.254.6.1 foo.bar.org
root@west01:~# cat /etc/ipsec.conf
#
** Tags removed: verification-needed-xenial
** Tags added: verification-done-xenial
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1734207
Title:
Multiple PSKs with dyndns left/rightids doesn't work
Hello Jan-Otto, or anyone else affected,
Accepted strongswan into xenial-proposed. The package will build now and
be available at
https://launchpad.net/ubuntu/+source/strongswan/5.3.5-1ubuntu3.5 in a
few hours, and then in the -proposed repository.
Please help us by testing this new package.
Hello Jan-Otto, or anyone else affected,
Accepted strongswan into artful-proposed. The package will build now and
be available at
https://launchpad.net/ubuntu/+source/strongswan/5.5.1-4ubuntu2.2 in a
few hours, and then in the -proposed repository.
Please help us by testing this new package.
Ok, all my tests look good, but they are rather trivial compared to some setups
in the wild.
I have a ppa with what I'd like to move to proposed if confirmed at [1].
I pushed a Merge Proposal for the packaging changes and got an ack by
fellow packagers.
@Jan-Otto - could you test the case with
** Merge proposal linked:
https://code.launchpad.net/~paelzer/ubuntu/+source/strongswan/+git/strongswan/+merge/335311
** Merge proposal linked:
https://code.launchpad.net/~paelzer/ubuntu/+source/strongswan/+git/strongswan/+merge/335312
** Merge proposal linked:
** Description changed:
+ [Impact]
+
+ * charon unnecessarily selects a wrong PSK in some cases:
+* A site-to-site connection using resolvable hostnames (e.g., DynDNS) as
identities in /etc/ipsec.secrets and a Roadwarrior connection (using %any as
remote peer identity)
+* Multiple
So the final commit for this issue on 5.5.2 is [1].
Current Ubuntu releases are on
- Zesty/Artful on 5.5.1
- Xenial on 5.3.5
Purely from a "patch applies" POV this applies to all three.
But obviously the confidence that this works perfectly fine is much higher on
5.5.1 than on 5.3.5.
I have
** Also affects: strongswan (Ubuntu Artful)
Importance: Undecided
Status: New
** Also affects: strongswan (Ubuntu Zesty)
Importance: Undecided
Status: New
** Also affects: strongswan (Ubuntu Xenial)
Importance: Undecided
Status: New
--
You received this bug
This bug was fixed in the package strongswan - 5.6.1-2ubuntu1
---
strongswan (5.6.1-2ubuntu1) bionic; urgency=medium
* Merge with Debian unstable (LP: #1717343).
Also fixes and issue with multiple psk's (LP: #1734207). Remaining changes:
+ Clean up
Hi Jan,
I'll hopefully be looking at the merge of 5.6.1 next week which includes that
fix.
Once in the latest Ubuntu release we can look at the doability of a backport.
On a first sniff test it at least applies cleanly to the code in Xenial.
That still needs to follow some process and extra
17 matches
Mail list logo
