racoon: broken script env for IPv6
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
ipsec-tools (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Hardy |
Won't Fix
|
Undecided
|
Unassigned | ||
Lucid |
Won't Fix
|
Undecided
|
Unassigned |
Bug Description
ipsec-tools 0.7.1 which comes with Lucid has a bug (several, really) that renders it inoperable for host-to-host IPSec via IPv6. The particular bug I'm interested in eliminating has already been addressed in ipsec-tools 0.8.0 which is available as of Oneiric.
The bug is described and reported here:
https:/
A patch is also supplied at the above location and will hopefully apply to the Ubuntu-maintained package verbatim.
The executive summary for this bug is that the LOCAL_ADDR and REMOTE_ADDR environment variables accessible to the phase1_
Instead of e.g.
2001:db8:
the env var is set to
::2001:
which is obviously incorrect.
I was hoping that this patch (which seems very straight-forward and low-risk) could be backported to 0.7.1 so it becomes available in Lucid. It would be even better if it could be backported all the back to Hardy (ipsec-tools 0.6.7) since we have a lot of servers running Hardy and Lucid and having to upgrade all of them to Precise (the first LTS that includes ipsec-tools 0.8.0) is going to be a show stopper for implementing site-wide IPSec.
I'll be happy to assist with testing since I have several VMs and laptops at my disposal to do so in a timely manner.
Added (via hggdh - thank you!) bug tasks for Lucid and Hardy, and marking as Fix Released in the current development version, as ipsec-tools has been on 0.8 since Oneiric.