[Openswan Users] L2TP/IPSEC response unencrypted (was openswan-2.6.24rc1 NATed MacOS Kernel crash)

[Giovani Moda]

> volume transfers through the tunnels now to test its stability.

Bad news: although the tunnel gets established and xl2tp can reach the
client, the tunnel won't hold up. After a few Mb of data transferred,
for some reason, there are a lot of rekey attempts and the tunnel goes
down. It happens both with klips and netkey. I'm attaching
/var/log/secure logs for both scenarios and also /var/log/messages logs
showing klips complaining about "auth failed".


> Ubuntu 9.04 has kernel-2.6.28-15, so I never applied an old-style
NAT-T
> patch on it. It should work without it, right?

About that, I'm closing down on this crash and it seems that a change
made on the kernel API from 2.6.24 to 2.6.25 is causing crashes when
using klips with kernels over 2.6.24. I'm trying to close down the last
usable subversion so maybe you can figured out what has changed. I'll
keep you posted.
 

__________ Information from ESET NOD32 Antivirus, version of virus
signature database 4549 (20091027) __________

The message was checked by ESET NOD32 Antivirus.

http://www.eset.com
 
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: klips-dropping-tunnel.txt
Url: http://lists.openswan.org/pipermail/users/attachments/20091027/7f8adcc4/attachment.txt 
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: netkey-dropping-tunnel.txt
Url: http://lists.openswan.org/pipermail/users/attachments/20091027/7f8adcc4/attachment-0001.txt 
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: klips-auth-failed.txt
Url: http://lists.openswan.org/pipermail/users/attachments/20091027/7f8adcc4/attachment-0002.txt