[Bug 391370] [NEW] Cannot decapsulate IPv6 from ESP since 2.6.27
Fredrik Ljunggren
fredrik at kirei.se
Tue Jun 23 22:25:55 UTC 2009
Public bug reported:
Binary package hint: linux-image
Since linux kernel version 2.6.27 IPv6 packages recieved over IPSEC is
never decapsulated but silently dropped.
It can easily be verified since the module xfrm6_mode_tunnel isn't
inserted when installing a SPD containing policies for IPv6 via setkey.
Even if manually installed via modprobe, it is never used.
The policy itself installs and can be viewed with setkey -DP, but
incoming rules for IPv6 never gets any packages. Outgoing
(encapsulation) is working.
The result of this seems to be total failure of IPv6 over IPSEC for all
kernel versions >= 2.6.27.
Verified working versions:
linux-image-2.6.24-23-generic (2.6.24-23.52)
linux-image-2.6.25-2-386 (2.6.25-2.3)
Verified non-working versions:
linux-image-2.6.27-7-generic (2.6.27-7.16)
linux-image-2.6.28-11-generic (2.6.28-11.42)
linux-image-2.6.28-13-generic (2.6.28-13.44)
linux-image-2.6.30-10-generic (2.6.30-10.12)
** Affects: linux-meta (Ubuntu)
Importance: Undecided
Status: New
** Summary changed:
- Cannot decapsulate IPv6 från ESP since 2.6.27
+ Cannot decapsulate IPv6 from ESP since 2.6.27
--
Cannot decapsulate IPv6 from ESP since 2.6.27
https://bugs.launchpad.net/bugs/391370
You received this bug notification because you are a member of Kernel
Bugs, which is subscribed to linux-meta in ubuntu.
More information about the kernel-bugs
mailing list