Bug#326730: marked as done (linux-source-2.6.12: Netfilter and IPSec patches in 2.6)

To: Antony Gelberg <antony@wayforth.co.uk>
Subject: Bug#326730: marked as done (linux-source-2.6.12: Netfilter and IPSec patches in 2.6)
From: owner@bugs.debian.org (Debian Bug Tracking System)
Date: Thu, 13 Apr 2006 07:49:21 -0700
Message-id: <handler.326730.D326730.1144939224915.ackdone@bugs.debian.org>
References: <443E62D5.10607@wayforth.co.uk> <E1ECFIr-0001MB-QH@localhost.localdomain>

Your message dated Thu, 13 Apr 2006 15:40:21 +0100
with message-id <443E62D5.10607@wayforth.co.uk>
and subject line Fixed in 2.6.16?
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--- Begin Message ---

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: linux-source-2.6.12: Netfilter and IPSec patches in 2.6
From: Antony Gelberg <antony@wayforth.co.uk>
Date: Mon, 05 Sep 2005 12:38:21 +0100
Message-id: <E1ECFIr-0001MB-QH@localhost.localdomain>

Package: linux-source-2.6.12
Severity: normal

Hi,

Please can we have the patches in 2.6 for netfilter and ipsec, and the policy
match patch in iptables.  See http://www.shorewall.net/IPSEC-2.6.html

The problem is thus:
Shorewall needs a patched kernel to work with the 2.6 ipsec stack.  (Netfilter
currently lacks full support for the 2.6 kernel's implementation of IPSEC.)
If one tries to use a 2.4 Debian kernel, it's no use, due to the backporting
of the 2.6 stack.
If one tries to use a vanilla kernel with the openswan-modules-source, this
fails due to http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=276521.  This
bug renders the package useless.  AES is a strong and desirable cipher.

This means that it is a right pain to buid a Sarge firewall with ipsec, and it
really shouldn't be.  I am currently using a vanilla 2.4.31 kernel with the
kernel-patch-openswan package.

I have raised this with the linux-source-2.6.12 and iptables packages in the
BTS.

Antony



-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.11.20050411
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)

--- End Message ---

--- Begin Message ---

To: 326730-done@bugs.debian.org

Subject: Fixed in 2.6.16?

From: Antony Gelberg <antony@wayforth.co.uk>

Date: Thu, 13 Apr 2006 15:40:21 +0100

Message-id: <443E62D5.10607@wayforth.co.uk>
2.6.16 contains the appropriate patches.  Shorewall will now work with
2.6 IPSec.  2.6.16 is in unstable.  Hence, closing this bug.
--- End Message ---

Reply to:

Prev by Date: Re: note on "2.4 is deprecated"
Next by Date: Processed: Re: Bug#362064: udev: udev tries to write to an installed, working initrd without asking
Previous by thread: Bug#362442: initramfs-tools: A few simple options for greater flexibility
Next by thread: Processed: severity of 362064 is serious
Index(es):
- Date
- Thread