Arch Linux

Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines

Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.

REPEAT: Do NOT report bugs for outdated packages!
Tasklist

FS#54616 - [linux] ipsec doesn't route TCP with kernel 4.11 and newer

Attached to Project: Arch Linux
Opened by Christian Rebischke (Shibumi) - Tuesday, 27 June 2017, 18:55 GMT
Last edited by Eli Schwartz (eschwartz) - Sunday, 23 July 2017, 15:47 GMT
Task Type Bug Report
Category Kernel
Status Closed
Assigned To Tobias Powalowski (tpowa)
Architecture All
Severity Medium
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 1
Private No

Details

Since kernel 4.11 the routing of TCP packets via ipsec doesn't work anymore. This seems to be a kernel issue not a strongswan issue[1]. Fedora solved this with a new kernel build[2]. With Linux-LTS-Package the VPN works fine.

[1] https://bugzilla.redhat.com/show_bug.cgi?id=1458222
[2] https://koji.fedoraproject.org/koji/taskinfo?taskID=19871705
This task depends upon

Closed by  Eli Schwartz (eschwartz)
Sunday, 23 July 2017, 15:47 GMT
Reason for closing:  Fixed
Additional comments about closing:  linux 4.11.9-1
Comment by loqs (loqs) - Tuesday, 27 June 2017, 19:22 GMT
http://pkgs.fedoraproject.org/cgit/rpms/kernel.git/commit?id=2a29cf3d8e915083aab65ae2073d84879b517e11
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=0e78a87306a6f55b1c7bbafad1de62c3975953ca
Edit:
@Shibumi linux-zen and linux-hardened also appear to lack the patch is there any reason you only want the linux package patched?
Comment by Doug Newgard (Scimmia) - Tuesday, 27 June 2017, 21:13 GMT
Has this been backported to the stable kernel? If so, we should have it soon enough. If not, why?
Comment by loqs (loqs) - Tuesday, 27 June 2017, 22:17 GMT
http://marc.info/?l=linux-netdev&m=149518824515377&w=2 is the last message in the thread
Note the link from my previous comment to git.kernel.org is the patch that was upstreamed for 4.12 the fedora link is the patch for 4.11
Edit:
It is not scheduled for 4.11.8 https://lkml.org/lkml/2017/6/27/562
As this issue has been present for the all 4.11 releases and will be fixed in 4.12 can it be left?
Same could be said for https://bugs.archlinux.org/task/54562 which also has no stable patch and also appears to have been present throughout 4.11
Comment by Christian Rebischke (Shibumi) - Tuesday, 27 June 2017, 22:56 GMT
@loqs
Sorry I didn't know that -zen and -hardened are not patched.. Is there a way to add this ticket or shall I open 2 other tickets for hardened and zen?
Comment by loqs (loqs) - Monday, 03 July 2017, 16:35 GMT
Now added to stable-queue https://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git/commit/?id=8abe44bfd5d39a1508c9f40b1aa05d4d682070f8
Edit:
@Shibumi can you confirm if the issue is resolved in one or both of 4.11.9-1 and 4.12-1
Comment by Christian Rebischke (Shibumi) - Sunday, 23 July 2017, 15:33 GMT
@loqs

It works fine with 4.11.9-1. This bug-ticket can be closed, I think.

Loading...