[Bug 1407274] [NEW] Identifier verification fails with UTF-8-encoded RDN
Public bug reported: Ubuntu Trusty seems to be affected by the scenario number 1 described in this post on OpenSSL's bug tracker: http://rt.openssl.org/Ticket/Attachment/45105/25601/ To summarize, verifying the peer's identifer fails when the peer's DN contains a component of ASN.1 type UTF8String. As per RFC 3280, all new X.509 certificates must use such an encoding for DNs. I have tested with the following version of racoon: 1:0.8.0-14ubuntu4 ** Affects: ipsec-tools (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to ipsec-tools in Ubuntu. https://bugs.launchpad.net/bugs/1407274 Title: Identifier verification fails with UTF-8-encoded RDN To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ipsec-tools/+bug/1407274/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 947309] Re: racoon phase 2 negotiation fails with Win Vista/7
I did some testing yesterday with the proposed package, and everything seems to work fine. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to ipsec-tools in Ubuntu. https://bugs.launchpad.net/bugs/947309 Title: racoon phase 2 negotiation fails with Win Vista/7 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ipsec-tools/+bug/947309/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 972786] Re: racoon does not bind to interfaces brought up afterwards
I had a discussion on this issue with one of the upstream developers. According to him, racoon should observe the addition of a new IP address via a NETLINK socket, but this functionality is broken in versions prior to 0.8 causing it to fail with some configurations. He also mentioned that there was also a kernel bug related to this, which has since been fixed. As I plan to upgrade to Precise quite soon, which ships with version 0.8, I think I can live with this bug, so this report can be closed. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to ipsec-tools in Ubuntu. https://bugs.launchpad.net/bugs/972786 Title: racoon does not bind to interfaces brought up afterwards To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ipsec-tools/+bug/972786/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 947309] Re: racoon phase 2 negotiation fails with Win Vista/7
It's the same story as with your PPA package: I installed the proposed package 4 weeks ago and haven't heard any complaints. I suppose the package fixes the problem without regressions, but haven't yet had the possibility to personally verify this. Is there some hard time limit before which the testing should be done? My current plan is to do it on week 24 when visiting my client next time. Is this all right (or do I need to set up my own test environment)? -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to ipsec-tools in Ubuntu. https://bugs.launchpad.net/bugs/947309 Title: racoon phase 2 negotiation fails with Win Vista/7 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ipsec-tools/+bug/947309/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 972786] Re: racoon does not bind to interfaces brought up afterwards
What kind of test case did you use? If you stop an interface and restart it while racoon is running, racoon has already bound to the IP address of the interface and will work, provided that the interface keeps the same address. The problem occurs when racoon starts up while an interface is down for some reason and is started after racoon. This can easily happen on a laptop for the wireless interface when the airplane mode is engaged during boot. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to ipsec-tools in Ubuntu. https://bugs.launchpad.net/bugs/972786 Title: racoon does not bind to interfaces brought up afterwards To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ipsec-tools/+bug/972786/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 947309] Re: racoon phase 2 negotiation fails with Win Vista/7
All right, I did some testing today. The problem indeed disappears with the patched packages. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to ipsec-tools in Ubuntu. https://bugs.launchpad.net/bugs/947309 Title: racoon phase 2 negotiation fails with Win Vista/7 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ipsec-tools/+bug/947309/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 947309] Re: racoon phase 2 negotiation fails with Win Vista/7
I installed the patched package on my client's server a couple of weeks ago, and I haven't heard any complaints since. I haven't yet had the chance to personally verify the behavior, but I plan to do that when I'm visiting their site later this week. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to ipsec-tools in Ubuntu. https://bugs.launchpad.net/bugs/947309 Title: racoon phase 2 negotiation fails with Win Vista/7 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ipsec-tools/+bug/947309/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 972786] [NEW] racoon does not bind to interfaces brought up afterwards
Public bug reported: Release: 11.04 racoon version: 1:0.7.3-12ubuntu1 When a new network interface is brought up, racoon does not bind to its address if already running. Many other daemon packages, such as openssh- server, contain a script in /etc/network/if-up.d to signal or restart the daemon in this situation. I think the racoon package should also come with such a script. ** Affects: ipsec-tools (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to ipsec-tools in Ubuntu. https://bugs.launchpad.net/bugs/972786 Title: racoon does not bind to interfaces brought up afterwards To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ipsec-tools/+bug/972786/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 972786] Re: racoon does not bind to interfaces brought up afterwards
** Patch added: Suggested solution https://bugs.launchpad.net/bugs/972786/+attachment/2998333/+files/ipsec-tools-sighup-on-if-up.patch -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to ipsec-tools in Ubuntu. https://bugs.launchpad.net/bugs/972786 Title: racoon does not bind to interfaces brought up afterwards To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ipsec-tools/+bug/972786/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 947309] Re: racoon phase 2 negotiation fails with Win Vista/7
Yes, I can help with that. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to ipsec-tools in Ubuntu. https://bugs.launchpad.net/bugs/947309 Title: racoon phase 2 negotiation fails with Win Vista/7 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ipsec-tools/+bug/947309/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 947309] Re: racoon phase 2 negotiation fails with Win Vista/7
This looks like the upstream bug report on the problem: http://gnats.netbsd.org/42363 There are two patches changing a single line in handler.c. I haven't yet verified if these patches really solve the problem, though. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to ipsec-tools in Ubuntu. https://bugs.launchpad.net/bugs/947309 Title: racoon phase 2 negotiation fails with Win Vista/7 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ipsec-tools/+bug/947309/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 947309] [NEW] racoon phase 2 negotiation fails with Win Vista/7
Public bug reported: Ubuntu release: 10.04 racoon package version: 1:0.7.1-1.6ubuntu1 IKE phase 2 negotiation fails with Windows Vista/7 L2TP clients if there already is a non-expired ESP SA for that client, created for the previous session. See the discussion here: http://comments.gmane.org/gmane.network.ipsec.tools.devel/2246 The suggested correction is to update racoon to version 0.8. ** Affects: ipsec-tools (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to ipsec-tools in Ubuntu. https://bugs.launchpad.net/bugs/947309 Title: racoon phase 2 negotiation fails with Win Vista/7 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ipsec-tools/+bug/947309/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs