[Openswan Users] Bug in fedora core kernels 2.6.16-1.* ?

Christian Bachmaier chris at infosun.fmi.uni-passau.de
Wed May 17 10:15:24 CEST 2006 

Hi guys,

I have to correct myself: With kernel 2.6.16-1.2108_FC4 and file transfers 
over the VPN there are also stalls as with prior 2.6.16 kernels.
Also I had no success with ppp 2.4.3-6.2.1 from core 5 srpm recompiled for 
core 4.

In my opinion the changes from fedora kernels 2.6.15 to 2.6.16 are causing 
the problem. Maybe there are some modules missing, some bahaviour changed 
and openswan, l2tpd, or ppp should be adapted, or there is a bug in those 
kernels. Difficult to detect, since fedora kernels are patched and thus not 
vanilla. Does the problem exist in any other distro?
Is there anyone who exactly can reproduce the behaviour on fedora?

Here is my exact test config which works well with fedora kernel 
2.6.15-1.1833 . In all other related files I made no changes:

--
ip_forward activated in /etc/sysctl:
--

net.ipv4.ip_forward = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
net.ipv4.tcp_syncookies = 1

--
/etc/ppp/chap_secrets
--
myusname           *       "secretpw"              *

--
/etc/ppp/options.l2tpd
--
ipcp-accept-local
ipcp-accept-remote
ms-dns  132.231.1.24
ms-dns  132.231.51.4
ms-wins 132.231.64.201
noccp
auth
crtscts
idle 1800
mtu 1410
mru 1410
nodefaultroute
debug
lock
proxyarp
connect-delay 5000

--
/etc/l2tpd
--
[global]

[lns default]
ip range = 132.231.64.209-132.231.64.210
local ip = 132.231.64.208
require chap = yes
refuse pap = yes
require authentication = yes
name = InfosunVPNserver
ppp debug = yes
pppoptfile = /etc/ppp/options.l2tpd
length bit = yes

--
/etc/ipsec.d/l2tp.conf
--
conn L2TP-PSK
        authby=secret
        pfs=no
        rekey=no
        keyingtries=3
        left=%defaultroute
        leftprotoport=17/1701
        right=%any
        rightprotoport=17/1701
        auto=add

--
/etc/ipsec.d/l2tp.secrets
--
132.231.64.123 %any: PSK "secretpsk"


Many thanx for your help,

--
Christian Bachmaier
chris at infosun.fmi.uni-passau.de 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 2819 bytes
Desc: not available
Url : http://lists.openswan.org/pipermail/users/attachments/20060517/8b5e7de0/smime.bin

More information about the Users mailing list