2005-01-04 IPsec-tools 0.5-rc1 - Release candidate of IPsec-tools 0.5. Should be good enough for production use. Reproducible: Always Steps to Reproduce: 1. 2. 3.
Commited to portage. Please test and confirm it works. Thanks.
ebuild works. thanks ;-)
this ebuild does not work for me. It starts properly and phase 2 also is established correctly, but no connections are possible (e.g. a ping). If I compile it from sources, it works fine. Maybe there is a problem with the linux26-headers, which are used instead of /usr/src/linux in this ebuild. I have a gentoo-dev-sources 2.6.10-r1, my linux26-headers are 2.6.8.1-r2. emerge info: Portage 2.0.51-r8 (default-linux/x86/2004.3, gcc-3.4.3, glibc-2.3.4.20041102-r0, 2.6.10-gentoo-r1 i686) ================================================================= System uname: 2.6.10-gentoo-r1 i686 Mobile Intel(R) Pentium(R) 4 - M CPU 1.80GHz Gentoo Base System version 1.6.8 Python: dev-lang/python-2.2.3-r5,dev-lang/python-2.3.4 [2.3.4 (#1, Jun 6 2004, 15:18:06)] dev-lang/python: 2.2.3-r5, 2.3.4 sys-devel/autoconf: 2.59-r6, 2.13 sys-devel/automake: 1.8.5-r2, 1.5, 1.4_p6, 1.6.3, 1.7.9, 1.9.3 sys-devel/binutils: 2.15.92.0.2-r2 sys-devel/libtool: 1.5.10-r2 virtual/os-headers: 2.6.8.1-r2 ACCEPT_KEYWORDS="x86 ~x86" AUTOCLEAN="yes" CFLAGS="-march=pentium4 -O2 -pipe -fomit-frame-pointer -fprefetch-loop-arrays" CHOST="i686-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3.3/env /usr/kde/3.3/share/config /usr/kde/3.3/shutdown /usr/kde/3/share/config /usr/lib/X11/xkb /usr/share/config /usr/share/texmf/dvipdfm/config/ /usr/share/texmf/dvips/config/ /usr/share/texmf/tex/generic/config/ /usr/share/texmf/tex/platex/config/ /usr/share/texmf/xdvi/ /var/qmail/control" CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d" CXXFLAGS="-march=pentium4 -O2 -pipe -fomit-frame-pointer -fprefetch-loop-arrays" DISTDIR="/usr/portage/distfiles" FEATURES="autoaddcvs autoconfig ccache distlocks sandbox sfperms" GENTOO_MIRRORS="http://ftp-stud.fht-esslingen.de/pub/Mirrors/gentoo/ ftp://ftp.gentoo.mesh-solutions.com/gentoo/ ftp://ftp.tu-clausthal.de/pub/linux/gentoo/" LDFLAGS="" MAKEOPTS="-j2" PKGDIR="/usr/portage/packages" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="/usr/local/portage" SYNC="rsync://rsync.gentoo.org/gentoo-portage" USE="x86 X X509 aalib acl acpi alsa apache2 arts artswrappersuid avi bash-completion berkdb bitmap-fonts bzip2 cdr chroot crypt cups dba dvd encode esd ethereal fam flacfoomaticdb freetype gd gdbm ggi gif gnokii gnutls gphoto2 gps gstreamer gtk gtk2 hostap-nopci hostap-noplx imagemagick imlib ipv6 irda java jce jmx jpeg junit kde kerberos latex ldap libwww mad mikmod mmx mozdevelop mpeg mysql nas ncurses nls no-old-linux nptl nptlonly ntlm odbc ogg oggvorbis opengl pam pcmcia pda pdflib perl pic plotutils png pnp postgres ppds pwdb python qt quicktime readline real samba scanner sdl slang slp snmp speex spell sse sse2 ssl svg svga tcltk tcpd tetex theora tiff truetype trusted unicode usagi usb utf8 vorbis wifi xine xml xml2 xmms xprint xv xvid zlib linguas_de"
i have the same problem. the install process finished successfully, but the connection does not work.
Do older versions work correctly?
yes, ipsec-tools-0.3.3 works correctly
Pete, I think this is possibly a duff version - pull from CVS?
It is not the version 0.3.x working for me, 0.4 working, 0.5-rc1 vanilla working too It is not the version that causes the problem. I will try it without some of the --enable-things and without the sed-line in src_unpack.
Ok, i've package.masked this for now, since it seems to break things, and introduces several changes now that this package is autotooled.
any chance of fixing this bug?
I've managed to at least encounter some problems now with ipsec-tools-0.5, but I'm not sure if it's the same problem or not. 2.6.10 includes some changes, that *require* an ipsec-tools-0.5*... kinda. This requirement seems restricted to machines doing both ipsec stuff and netfilter/nat stuff. I had a client with 0.5-rc1 working fine with a server running 0.3.3, but i recently upgraded the kernel on the server to 2.6.10 from 2.6.8, and i exprienced massive connectivity problems. Moving the server up to 0.5-rc1 fixed this. Can people give more details on their exact setups, and what problems they are having, exact point in hops where it dies, etc? Thanks.
FYI: 18 February 2005 - ipsec-tools-0.5 released http://sourceforge.net/mailarchive/message.php?msg_id=10896887 Bye, Paper
works for me on a machine with a 2.6.9 kernel after I created a ipsec-tools-5.0.ebuild with the '--enable-samode-unspec' econf removed. with that option enabled the phase 2 negotiation is started over and over again, without any chance of successfully sending anything over the encrypted channel. I will also try tomorrow with a hds-2.6.11 kernel Portage 2.0.51.19 (default-linux/x86/2004.0, gcc-3.3.5, glibc-2.3.4.20041102-r0, 2.6.9-laptop i686) ================================================================= System uname: 2.6.9-laptop i686 Intel(R) Pentium(R) M processor 1500MHz Gentoo Base System version 1.6.9 Python: dev-lang/python-2.3.4-r1 [2.3.4 (#1, Feb 14 2005, 15:15:04)] dev-lang/python: 2.3.4-r1 sys-devel/autoconf: 2.13, 2.59-r6 sys-devel/automake: 1.7.9-r1, 1.5, 1.4_p6, 1.8.5-r3, 1.6.3, 1.9.4 sys-devel/binutils: 2.15.92.0.2-r1 sys-devel/libtool: 1.5.10-r4 virtual/os-headers: 2.6.8.1-r1, 2.6.8.1-r2 ACCEPT_KEYWORDS="x86" AUTOCLEAN="yes" CFLAGS="-pipe" CHOST="i686-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3/share/config /usr/lib/X11/xkb /usr/lib/mozilla/defaults/pref /usr/share/config /usr/share/texmf/dvipdfm/config/ /usr/share/texmf/dvips/config/ /usr/share/texmf/tex/generic/config/ /usr/share/texmf/tex/platex/config/ /usr/share/texmf/xdvi/ /var/qmail/alias /var/qmail/control /var/service" CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d" CXXFLAGS="-pipe" DISTDIR="/var/spool/distfiles" FEATURES="autoaddcvs autoconfig ccache cvs digest distlocks makecheck sandbox sfperms" GENTOO_MIRRORS="http://proxy/gentoo ftp://ftp.lug.ro/gentoo" MAKEOPTS="-j2" PKGDIR="/usr/portage/packages" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="/usr/portage_2" SYNC="rsync://proxy/gentoo-portage" USE="x86 X acpi alsa apm avi berkdb bitmap-fonts caps cdr crypt crypto cups curl dvd emboss encode esd ethereal f77 font-server foomaticdb fortran gdbm gif gimpprint gpm gps gtk gtk2 imagemagick imap imlib ipv6 jpeg kerberos ldap libg++ libwww lirc mad mikmod mmx mozilla mp3 mpeg mysql ncurses nls nptl nptlonly oggvorbis opengl oss pam pdflib png python quicktime readline samba sdl slang smartcard spell sse sse2 ssl tcltk tetex tiff truetype truetype-fonts type1-fonts usb xml2 xmms xv zlib video_cards_radeon" Unset: ASFLAGS, CBUILD, CTARGET, LANG, LC_ALL, LDFLAGS
Ok, i've just add 0.5 release to portage, and removed the '--enable-samode-unspec'' option per the last comment. It's still package.masked pending confirmation of this working better for folks. Please test and report back. Thanks.
it also works well with hardened-dev-sources 2.6.11. thanks for the ebuild.
thanks, ebuild works for me
Ok, waiting on confirmation from Georg that this works for him before removing the package.mask, and marking this FIXED. Georg: work for you?
Works for me also now
Works for me fine on x86 and amd64. With via c3, there is still bug #61025 A filter-flag on march=c3 would help is still active, so if you could add a flag-o-matic to inherit and filter-flags="-march=c3" that would be nice (I have tested it here by modifying the ebuild). But who has a C3 ;) So thumbs up from my side.
Ok, i've added the C3 fix into 0.5, removed the fubar 0.5_rc1 from the tree, and removed the package.mask from 0.5. Marking this bug FIXED. Thanks all for the help on this bug. If there are any further issues, feel free to re-open this or open a new bug.