** Patch added: "ipsec-tools.debdiff" https://bugs.launchpad.net/ubuntu/+source/ipsec-tools/+bug/947309/+attachment/3039038/+files/ipsec-tools.debdiff
** Description changed: + SRU JUSTIFICATION + + [Impact] + + Use for interoperability with other VPN systems including use as a VPN + concentrator is a major use case for ipsec-tools. A large number of + users have Windows clients. This bug in ipsec-tools causes unreliable + interoperability between Ubuntu and the Windows Vista and 7 VPN clients. + + [Development Fix] + + Fixed in upstream CVS, src/racoon/handler.c revisions 1.31 and 1.32 (see + http://cvsweb.netbsd.org/bsdweb.cgi/src/crypto/dist/ipsec- + tools/src/racoon/handler.c?only_with_tag=MAIN). This fix went into + upstream 0.8. Precise is at 1:0.8.0-9ubuntu1 so already includes this + fix. + + [Stable Fix] + + See debdiff, attached. + + [Test Case] + + From http://comments.gmane.org/gmane.network.ipsec.tools.devel/2246, + with thanks to Loren M. Lang: + + A specific, repeatable test case I was using is as follows. Restart + racoon daemon on Linux server. Initiate L2TP VPN connection on Windows + 7 (while on same subnet as Linux server.) Verify VPN is working with + ping from server. First attempt is always successful. Disconnect VPN. + Racoon reports ISAKMP-SA deleted. Reconnect and VPN hangs negotiating + phase 2. Last message from racoon reports ISAKMP-SA established. + Initiate L2TP VPN from a separate Windows XP computer also on the same + subnet as the Linux server. Verify VPN connection with ping from Linux + and disconnect VPN. Repeat a second time and it still successful on XP. + Make sure VPN is disconnected on XP and make a third attempt at VPN on + Windows 7. It still fails like the second attempt. + + [Regression Potential] + + Upstream have been carrying this fix for over two years, and the fix is + still present in upstream CVS HEAD. The original reporter has confirmed + that this fix works without issues. Thus the potential for regressions + is minimal. + + + ORIGINAL REPORT + Ubuntu release: 10.04 racoon package version: 1:0.7.1-1.6ubuntu1 IKE phase 2 negotiation fails with Windows Vista/7 L2TP clients if there already is a non-expired ESP SA for that client, created for the previous session. See the discussion here: http://comments.gmane.org/gmane.network.ipsec.tools.devel/2246 The suggested correction is to update racoon to version 0.8. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/947309 Title: racoon phase 2 negotiation fails with Win Vista/7 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ipsec-tools/+bug/947309/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
