[Openswan Users] Bug in fedora core kernels 2.6.16-1.* ?
Matthew Radey
webmaster at freejazz.org
Tue May 16 08:31:13 CEST 2006
I've observed the much the same behavior running kernel
2.5.15-1.1833_FC4 and openswan 2.4.4 on Fedora. Higher Fedora kernel
versions do not work properly. I can ping all over all my tunnels with
those kernels, but other traffic is not so reliable.
Cheers,
Matthew
On Tue, 2006-05-16 at 11:17 +0200, Christian Bachmaier wrote:
> Hello,
>
> I am using L2TP over IPsec to connect external WinXP clients (out of the
> box) to a internal lan. Therefore I run openswan 2.4.4-1.0FC4 using NETKEY ,
> l2tpd 0.69-0.2.20051030 (from the extras branch), and ppp
> 2.4.2 on a Fedora core 4 box. The programs are the newest rpms provided for
> core 4 .
> The configuration using preshared keys is as shown in the tutorial
> http://www.jacco2.dds.nl/networking/freeswan-l2tp.html .
>
> With kernel 2.5.15-1.1833_FC4 everthing works fine. But when updating to one
> of the newer kernels 2.6.16-1.2069_FC4 or 2.6.16-1.2096_FC4 and leaving
> everything else as is, then a VPN connection stalls reproducibly while
> transfering files, e.g., downloading a 1MB file per FTP on the WinXP client
> over the VPN. A single connection suffices.
> Unfortunately, there is no log entry which could clarify this behaviour.
> However, the connection build-up seems to work correctly and transfering
> small
> files in most cases works. This sounds like an MTU size problem, but I am
> nearly sure that it is not. I know there was a change in the IP-stack of the
> new kernels which also caused stalls in NFS v4 connections.
>
> I already tried to recompile openswan-2.4.4-1.1.2.1 from core 5 on core 4:
> the same behaviour. Thus the bug(?) may also occur in core 5. Also with the
> newest source 2.4.5 from www.openswan.org I had no success.
>
> With kernels 2.6.16-1.2107_FC4 / 2.6.16-1.2108_FC4 this problem (with the
> same
> config) seems to be solved. But only at a first glance: now there are
> reproducable stalls when connecting via RDP (winxp remote desctop
> connection)
> from an external winxp box to an internal winxp box over the VPN.
> Are there any known issues about that?
>
> If desired, I can send my config files.
>
> Thanx for your interest,
>
> --
> Christian Bachmaier
> chris at infosun.fmi.uni-passau.de
> _______________________________________________
> Users at openswan.org
> http://lists.openswan.org/mailman/listinfo/users
> Building and Integrating Virtual Private Networks with Openswan:
> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
More information about the Users
mailing list