[Bug 1060541] [NEW] racoon: broken script env for IPv6
Simon Dickhoven
simon at dickhoven.com
Wed Oct 3 00:37:09 UTC 2012
Public bug reported:
ipsec-tools 0.7.1 which comes with Lucid has a bug (several, really)
that renders it inoperable for host-to-host IPSec via IPv6. The
particular bug I'm interested in eliminating has already been addressed
in ipsec-tools 0.8.0 which is available as of Oneiric.
The bug is described and reported here:
https://trac.ipsec-tools.net/ticket/300
A patch is also supplied at the above location and will hopefully apply
to the Ubuntu-maintained package verbatim.
The executive summary for this bug is that the LOCAL_ADDR and
REMOTE_ADDR environment variables accessible to the
phase1_up/phase1_down scripts defined in racoon.conf are set incorrectly
when those addresses are IPv6 addresses.
Instead of e.g.
2001:db8:200:6000:b04f:29c9:651f:5e0c
the env var is set to
::2001:db8:200:6000:b04f:29c9
which is obviously incorrect.
I was hoping that this patch (which seems very straight-forward and low-
risk) could be backported to 0.7.1 so it becomes available in Lucid. It
would be even better if it could be backported all the back to Hardy
(ipsec-tools 0.6.7) since we have a lot of servers running Hardy and
Lucid and having to upgrade all of them to Precise (the first LTS that
includes ipsec-tools 0.8.0) is going to be a show stopper for
implementing site-wide IPSec.
I'll be happy to assist with testing since I have several VMs and
laptops at my disposal to do so in a timely manner.
** Affects: ipsec-tools (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to ipsec-tools in Ubuntu.
https://bugs.launchpad.net/bugs/1060541
Title:
racoon: broken script env for IPv6
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ipsec-tools/+bug/1060541/+subscriptions
More information about the Ubuntu-server-bugs
mailing list