[Openswan Users] Bug in fedora core kernels 2.6.16-1.* ?
Christian Bachmaier
chris at infosun.fmi.uni-passau.de
Wed May 17 10:15:24 CEST 2006
Hi guys,
I have to correct myself: With kernel 2.6.16-1.2108_FC4 and file transfers
over the VPN there are also stalls as with prior 2.6.16 kernels.
Also I had no success with ppp 2.4.3-6.2.1 from core 5 srpm recompiled for
core 4.
In my opinion the changes from fedora kernels 2.6.15 to 2.6.16 are causing
the problem. Maybe there are some modules missing, some bahaviour changed
and openswan, l2tpd, or ppp should be adapted, or there is a bug in those
kernels. Difficult to detect, since fedora kernels are patched and thus not
vanilla. Does the problem exist in any other distro?
Is there anyone who exactly can reproduce the behaviour on fedora?
Here is my exact test config which works well with fedora kernel
2.6.15-1.1833 . In all other related files I made no changes:
--
ip_forward activated in /etc/sysctl:
--
net.ipv4.ip_forward = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
net.ipv4.tcp_syncookies = 1
--
/etc/ppp/chap_secrets
--
myusname * "secretpw" *
--
/etc/ppp/options.l2tpd
--
ipcp-accept-local
ipcp-accept-remote
ms-dns 132.231.1.24
ms-dns 132.231.51.4
ms-wins 132.231.64.201
noccp
auth
crtscts
idle 1800
mtu 1410
mru 1410
nodefaultroute
debug
lock
proxyarp
connect-delay 5000
--
/etc/l2tpd
--
[global]
[lns default]
ip range = 132.231.64.209-132.231.64.210
local ip = 132.231.64.208
require chap = yes
refuse pap = yes
require authentication = yes
name = InfosunVPNserver
ppp debug = yes
pppoptfile = /etc/ppp/options.l2tpd
length bit = yes
--
/etc/ipsec.d/l2tp.conf
--
conn L2TP-PSK
authby=secret
pfs=no
rekey=no
keyingtries=3
left=%defaultroute
leftprotoport=17/1701
right=%any
rightprotoport=17/1701
auto=add
--
/etc/ipsec.d/l2tp.secrets
--
132.231.64.123 %any: PSK "secretpsk"
Many thanx for your help,
--
Christian Bachmaier
chris at infosun.fmi.uni-passau.de
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 2819 bytes
Desc: not available
Url : http://lists.openswan.org/pipermail/users/attachments/20060517/8b5e7de0/smime.bin
More information about the Users
mailing list