Public bug reported:

ipsec-tools 0.7.1, which comes with Lucid, has a bug (several, really) that renders it inoperable for host-to-host IPSec via IPv6. The particular bug I'm interested in eliminating has already been addressed in ipsec-tools 0.8.0, which is available as of Oneiric.

The bug is described and reported here: https://trac.ipsec-tools.net/ticket/300

A patch is also supplied at the above location and will hopefully apply to the Ubuntu-maintained package verbatim.

The executive summary for this bug is that the LOCAL_ADDR and REMOTE_ADDR environment variables accessible to the phase1_up/phase1_down scripts defined in racoon.conf are set incorrectly when those addresses are IPv6 addresses. Instead of e.g.

    2001:db8:200:6000:b04f:29c9:651f:5e0c

the env var is set to

    ::2001:db8:200:6000:b04f:29c9

which is obviously incorrect.

I was hoping that this patch (which seems very straightforward and low-risk) could be backported to 0.7.1 so it becomes available in Lucid. It would be even better if it could be backported all the way back to Hardy (ipsec-tools 0.6.7), since we have a lot of servers running Hardy and Lucid, and having to upgrade all of them to Precise (the first LTS that includes ipsec-tools 0.8.0) is going to be a show stopper for implementing site-wide IPSec.

I'll be happy to assist with testing since I have several VMs and laptops at my disposal to do so in a timely manner.

** Affects: ipsec-tools (Ubuntu)
   Importance: Undecided
   Status: New

https://bugs.launchpad.net/bugs/1060541

Title: racoon: broken script env for IPv6
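The two addresses quoted in the report differ by a 32-bit right shift (the last two groups are dropped and two zero groups appear in front), so the bad value is still syntactically valid IPv6 and a hook script cannot catch it by parsing alone. The following is an added example, not code from the report or from ipsec-tools: a guard that a phase1_up/phase1_down helper could run before acting on REMOTE_ADDR or LOCAL_ADDR. The function name and the list of configured peers are assumptions; the shift relationship is read off the report's two sample values and says nothing about the root cause.

```python
import ipaddress


def classify_script_addr(env_value, configured_peers):
    """Classify an address taken from racoon's script environment.

    Returns ("ok", peer) when the value equals a configured peer,
    ("shifted", peer) when it equals a configured peer shifted right by
    32 bits (the symptom shown in the report), else ("unknown", None).
    """
    try:
        seen = ipaddress.IPv6Address(env_value)
    except ipaddress.AddressValueError:
        # Not an IPv6 literal at all (empty, IPv4, garbage).
        return ("unknown", None)

    for peer in configured_peers:
        want = ipaddress.IPv6Address(peer)
        if seen == want:
            return ("ok", str(want))
        # Dropping the low 32 bits moves every group two places right.
        if int(seen) == int(want) >> 32:
            return ("shifted", str(want))
    return ("unknown", None)


if __name__ == "__main__":
    # Peer list is constructed for the example, using the address
    # quoted in the report.
    peers = ["2001:db8:200:6000:b04f:29c9:651f:5e0c"]
    for value in ("2001:db8:200:6000:b04f:29c9:651f:5e0c",
                  "::2001:db8:200:6000:b04f:29c9",
                  "2001:db8::1"):
        print(value, "->", classify_script_addr(value, peers))
```

A hook that applies firewall or routing changes from these variables should act only on an "ok" result and log anything else.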
