--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: linux-source-2.6.12: Netfilter and IPSec patches in 2.6
- From: Antony Gelberg <antony@wayforth.co.uk>
- Date: Mon, 05 Sep 2005 12:38:21 +0100
- Message-id: <E1ECFIr-0001MB-QH@localhost.localdomain>
Package: linux-source-2.6.12
Severity: normal
Hi,
Please can we have the patches in 2.6 for netfilter and ipsec, and the policy
match patch in iptables. See http://www.shorewall.net/IPSEC-2.6.html
The problem is thus:
Shorewall needs a patched kernel to work with the 2.6 ipsec stack. (Netfilter
currently lacks full support for the 2.6 kernel's implementation of IPSEC.)
If one tries to use a 2.4 Debian kernel, it's no use, due to the backporting
of the 2.6 stack.
If one tries to use a vanilla kernel with the openswan-modules-source, this
fails due to http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=276521. This
bug renders the package useless. AES is a strong and desirable cipher.
This means that it is a right pain to build a Sarge firewall with ipsec, and it
really shouldn't be. I am currently using a vanilla 2.4.31 kernel with the
kernel-patch-openswan package.
I have raised this with the linux-source-2.6.12 and iptables packages in the
BTS.
Antony
-- System Information:
Debian Release: 3.1
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.11.20050411
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
--- End Message ---