StrongSwan incorrectly generating esp packets
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
strongswan (Ubuntu) |
Invalid
|
Low
|
Unassigned |
Bug Description
When pinging a remote node from my Ubuntu 14.04 LTS(GNU/Linux 3.8.13-bone59 armv7l) over an established StrongSwan VPN tunnel, the remote node sees the generated esp packets (via tcpdump), but does not respond. I think this is an armhf package issue, because I tested the configuration, certs and keys using Ubuntu on an x86 and using Raspian on a RaspberryPi, and the remote node responded as expected, and had esp packets going both directions. Leading me to guess that this is an ARMv7 specific issue.
Description: Ubuntu 14.04.1 LTS
Release: 14.04
strongswan:
Installed: 5.1.2-0ubuntu2
Candidate: 5.1.2-0ubuntu2
Version table:
*** 5.1.2-0ubuntu2 0
500 http://
100 /var/lib/
Thank you for taking the time to report this bug and helping to make Ubuntu better.
Is it clear that this is a userspace issue, and not a kernel bug? ESP packets are generated by the kernel; strongswan just does the keying setup, right? And here I see that you're using a non-Ubuntu kernel.
Importance -> Low since this bug affects unusual end-user configurations or uncommon hardware.