[Bug 391370] [NEW] Cannot decapsulate IPv6 from ESP since 2.6.27

Fredrik Ljunggren fredrik at kirei.se
Tue Jun 23 22:25:55 UTC 2009

Public bug reported:

Binary package hint: linux-image

Since linux kernel version 2.6.27 IPv6 packages recieved over IPSEC is
never decapsulated but silently dropped.

It can easily be verified since the module xfrm6_mode_tunnel isn't
inserted when installing a SPD containing policies for IPv6 via setkey.

Even if manually installed via modprobe, it is never used.

The policy itself installs and can be viewed with setkey -DP, but
incoming rules for IPv6 never gets any packages. Outgoing
(encapsulation) is working.

The result of this seems to be total failure of IPv6 over IPSEC for all
kernel versions >= 2.6.27.

Verified working versions:
  linux-image-2.6.24-23-generic (2.6.24-23.52)
  linux-image-2.6.25-2-386 (2.6.25-2.3) 

Verified non-working versions:
  linux-image-2.6.27-7-generic (2.6.27-7.16)
  linux-image-2.6.28-11-generic (2.6.28-11.42)
  linux-image-2.6.28-13-generic (2.6.28-13.44)
  linux-image-2.6.30-10-generic (2.6.30-10.12)

** Affects: linux-meta (Ubuntu)
     Importance: Undecided
         Status: New

** Summary changed:

- Cannot decapsulate IPv6 från ESP since 2.6.27
+ Cannot decapsulate IPv6 from ESP since 2.6.27

Cannot decapsulate IPv6 from ESP since 2.6.27
You received this bug notification because you are a member of Kernel
Bugs, which is subscribed to linux-meta in ubuntu.

More information about the kernel-bugs mailing list