touch-packages team mailing list archive
Message #26687
[Bug 606997] Re: ufw blocks ipsec
** No longer affects: ufw (Ubuntu Lucid)
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to ufw in Ubuntu.
https://bugs.launchpad.net/bugs/606997
Title:
ufw blocks ipsec
Status in ufw - Uncomplicated Firewall:
Fix Released
Status in “ufw” package in Ubuntu:
Fix Released
Status in “ufw” source package in Maverick:
Fix Released
Bug description:
I've had IPSEC working between the Linux machines on my network for
about a year using Firestarter as the firewall. I recently decided
that I should probably switch to ufw since Firestarter isn't supported
anymore, but since then I've found that IPSEC negotiations are
unreliable: today, for example, I could see that one of the machines
thought it had negotiated an IPSEC connection to another, but no
messages were getting through to the other machine.
Looking at the log files I see lots of messages along the lines of:
Jul 18 01:20:23 nightmare kernel: [ 17.670844] [UFW BLOCK] IN=eth0
OUT= MAC=xxxx SRC=xxxx DST=xxxx LEN=120 TOS=0x00 PREC=0x00 TTL=64
ID=6954 DF PROTO=AH SPI=0xbd5df15
So what I don't understand is:
1. Why ufw is blocking a protocol that it apparently gives you no control over? I can't tell it to allow or block AH or ESP.
2. Why it sometimes blocks the protocol and sometimes doesn't?
ufw --version:
ufw 0.30pre1-0ubuntu2
Copyright 2008-2010 Canonical Ltd.
This is Ubuntu 10.04 with the most recent updates.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ufw/+bug/606997/+subscriptions
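
Added example, not part of the original bug report or of ufw: a small Python triage script that scans kernel log text for [UFW BLOCK] entries like the one quoted in the bug description and counts the blocked IPsec packets per source and destination. It goes beyond the report's AH case by also matching ESP and, as an assumption about a typical IPsec setup, IKE on UDP ports 500 and 4500; the sample log lines, hostname, MAC and addresses are constructed.

```python
import re
from collections import Counter

# Constructed sample kernel log lines in the format quoted in the report;
# hostname, MAC and addresses (RFC 5737 ranges) are placeholders.
SAMPLE_LOG = """\
Jul 18 01:20:23 hostA kernel: [   17.670844] [UFW BLOCK] IN=eth0 OUT= MAC=00:00:5e:00:53:01 SRC=192.0.2.10 DST=192.0.2.20 LEN=120 TOS=0x00 PREC=0x00 TTL=64 ID=6954 DF PROTO=AH SPI=0x1a2b3c4d
Jul 18 01:20:24 hostA kernel: [   18.102233] [UFW BLOCK] IN=eth0 OUT= MAC=00:00:5e:00:53:01 SRC=192.0.2.10 DST=192.0.2.20 LEN=152 TOS=0x00 PREC=0x00 TTL=64 ID=6955 DF PROTO=ESP SPI=0x0badc0de
Jul 18 01:20:25 hostA kernel: [   19.000100] [UFW BLOCK] IN=eth0 OUT= MAC=00:00:5e:00:53:01 SRC=192.0.2.30 DST=192.0.2.20 LEN=200 TOS=0x00 PREC=0x00 TTL=64 ID=100 DF PROTO=UDP SPT=500 DPT=500 LEN=180
Jul 18 01:20:26 hostA kernel: [   19.500100] [UFW BLOCK] IN=eth0 OUT= MAC=00:00:5e:00:53:01 SRC=198.51.100.7 DST=192.0.2.20 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=200 DF PROTO=TCP SPT=40000 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0
Jul 18 01:20:27 hostA kernel: [   20.000100] [UFW ALLOW] IN=eth0 OUT= MAC=00:00:5e:00:53:01 SRC=192.0.2.10 DST=192.0.2.20 LEN=120 TOS=0x00 PREC=0x00 TTL=64 ID=6960 DF PROTO=AH SPI=0x1a2b3c4d
"""

# Assumption: IKE and NAT-traversal use their standard UDP ports.
IKE_PORTS = {"500": "IKE", "4500": "IPsec NAT-T"}
FIELD = re.compile(r"(\w+)=(\S*)")  # KEY=value pairs; value may be empty (OUT=)


def classify(fields):
    """Return the IPsec traffic type for a parsed log record, or None."""
    proto = fields.get("PROTO")
    if proto in ("AH", "ESP"):
        return proto
    if proto == "UDP":
        return IKE_PORTS.get(fields.get("DPT"))
    return None


def blocked_ipsec(log_text):
    """Count UFW-blocked IPsec packets per (type, source, destination)."""
    hits = Counter()
    for line in log_text.splitlines():
        if "[UFW BLOCK]" not in line:
            continue  # ignore allowed traffic and unrelated kernel messages
        fields = dict(FIELD.findall(line))
        kind = classify(fields)
        if kind:
            hits[(kind, fields.get("SRC"), fields.get("DST"))] += 1
    return hits


if __name__ == "__main__":
    for (kind, src, dst), n in sorted(blocked_ipsec(SAMPLE_LOG).items()):
        print(f"{n} blocked {kind} packet(s) {src} -> {dst}")
```

A non-empty result for a peer that is supposed to have a working tunnel points at the firewall rather than at the IPsec configuration.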