[Openswan Users] Bug in fedora core kernels 2.6.16-1.* ?

Christian Bachmaier chris at infosun.fmi.uni-passau.de
Tue May 16 12:17:17 CEST 2006


I am using L2TP over IPsec to connect external WinXP clients (out of the
box) to a internal lan. Therefore I run openswan 2.4.4-1.0FC4 using NETKEY ,
l2tpd 0.69-0.2.20051030 (from the extras branch), and ppp
2.4.2 on a Fedora core 4 box. The programs are the newest rpms provided for
core 4 .
The configuration using preshared keys is as shown in the tutorial
http://www.jacco2.dds.nl/networking/freeswan-l2tp.html .

With kernel 2.5.15-1.1833_FC4 everthing works fine. But when updating to one
of the newer kernels 2.6.16-1.2069_FC4 or 2.6.16-1.2096_FC4 and leaving
everything else as is, then a VPN connection stalls reproducibly while
transfering files, e.g., downloading a 1MB file per FTP on the WinXP client
over the VPN. A single connection suffices.
Unfortunately, there is no log entry which could clarify this behaviour.
However, the connection build-up seems to work correctly and transfering 
files in most cases works. This sounds like an MTU size problem, but I am
nearly sure that it is not. I know there was a change in the IP-stack of the
new kernels which also caused stalls in NFS v4 connections.

I already tried to recompile openswan-2.4.4- from core 5 on core 4:
the same behaviour. Thus the bug(?) may also occur in core 5. Also with the
newest source 2.4.5 from www.openswan.org I had no success.

With kernels 2.6.16-1.2107_FC4 / 2.6.16-1.2108_FC4 this problem (with the 
config) seems to be solved. But only at a first glance: now there are
reproducable stalls when connecting via RDP (winxp remote desctop 
from an external winxp box to an internal winxp box over the VPN.
Are there any known issues about that?

If desired, I can send my config files.

Thanx for your interest,

Christian Bachmaier
chris at infosun.fmi.uni-passau.de 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 2819 bytes
Desc: not available
Url : http://lists.openswan.org/pipermail/users/attachments/20060516/5f5c24f3/smime.bin

More information about the Users mailing list