Wrong ID type sent when configured for Xauth and U-FQDN
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
ipsec-tools (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
Binary package hint: ipsec-tools
When configuring racoon to connect to an IPSec gateway that requires a remote ID of type user_fqdn and an Xauth login, racoon in Hardy (from ipsec-tools 0.6.7) doesn't do this, and instead proposes it's IPv4 address. I will attach an example racoon.conf that exhibits this issue.
According to the debug log:
2008-05-22 17:48:55: DEBUG: configuration found for XXXXX
2008-05-22 17:48:55: INFO: IPsec-SA request for XXXXX queued due to no phase1 found.
2008-05-22 17:48:55: DEBUG: ===
2008-05-22 17:48:55: INFO: initiate new phase 1 negotiation: XXXXX
2008-05-22 17:48:55: INFO: begin Aggressive mode.
2008-05-22 17:48:55: DEBUG: new cookie: a659377366141b01
2008-05-22 17:48:55: DEBUG: use ID type of IPv4_address
2008-05-22 17:48:55: DEBUG: compute DH's private.
With ipsec-tools 0.7 in Debian lenny, this issue doesn't appear and I can connect the VPN as usual.
This bug was fixed in the package ipsec-tools - 1:0.7-2.1ubuntu1
---------------
ipsec-tools (1:0.7-2.1ubuntu1) intrepid; urgency=low
* Merge from debian unstable, remaining changes: ipsec-tools. setkey. init: ipsec-tools. setkey. init: policy_ token.c: don't check return code of fwrite. setkey. c: stop scanning stdin if fgets fails.
- debian/control:
- Set Ubuntu maintainer address.
- Depend on lsb-base.
- debian/
- LSB init script.
* Dropped:
- debian/
- restart method: stop then start.
- Use {} instead of () in usage (bash_completion).
- debian/racoon.init:
- Create /var/run/racoon.
- Use {} instead of () in usage (bash_completion).
* Bug fixed by this merge:
- fix XAuth with U-FQDN (LP: #234166).
* Enable build with hardened options:
- src/libipsec/
- src/setkey/
-- Mathias Gug <email address hidden> Wed, 18 Jun 2008 17:34:55 -0400