[Bug 1060541] [NEW] racoon: broken script env for IPv6

[Simon Dickhoven]

Public bug reported:

ipsec-tools 0.7.1 which comes with Lucid has a bug (several, really)
that renders it inoperable for host-to-host IPSec via IPv6. The
particular bug I'm interested in eliminating has already been addressed
in ipsec-tools 0.8.0 which is available as of Oneiric.

The bug is described and reported here:

https://trac.ipsec-tools.net/ticket/300

A patch is also supplied at the above location and will hopefully apply
to the Ubuntu-maintained package verbatim.

The executive summary for this bug is that the LOCAL_ADDR and
REMOTE_ADDR environment variables accessible to the
phase1_up/phase1_down scripts defined in racoon.conf are set incorrectly
when those addresses are IPv6 addresses.

Instead of e.g.

2001:db8:200:6000:b04f:29c9:651f:5e0c

the env var is set to

::2001:db8:200:6000:b04f:29c9

which is obviously incorrect.

I was hoping that this patch (which seems very straight-forward and low-
risk) could be backported to 0.7.1 so it becomes available in Lucid. It
would be even better if it could be backported all the back to Hardy
(ipsec-tools 0.6.7) since we have a lot of servers running Hardy and
Lucid and having to upgrade all of them to Precise (the first LTS that
includes ipsec-tools 0.8.0) is going to be a show stopper for
implementing site-wide IPSec.

I'll be happy to assist with testing since I have several VMs and
laptops at my disposal to do so in a timely manner.

** Affects: ipsec-tools (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to ipsec-tools in Ubuntu.
https://bugs.launchpad.net/bugs/1060541

Title:
  racoon: broken script env for IPv6

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ipsec-tools/+bug/1060541/+subscriptions