ClearFoundation Tracker - ClearOS | |||||
View Issue Details | |||||
ID | Project | Category | View Status | Date Submitted | Last Update |
0000037 | ClearOS | app-ipsec - IPsec Engine | public | 2010-03-04 15:12 | 2013-01-31 13:50 |
Reporter | dsokoloski | ||||
Assigned To | user2 | ||||
Priority | normal | Severity | minor | Reproducibility | sometimes |
Status | closed | Resolution | fixed | ||
Platform | OS | OS Version | |||
Product Version | 5.1 | ||||
Target Version | 5.2 | Fixed in Version | 5.2 | ||
Summary | 0000037: IPsec workaround may cause issues for Samba when "bind interfaces only" is enabled | ||||
Description | The following combination will cause file sharing to be inaccessible from the LAN:

- Gateway mode
- Samba file sharing enabled
- IPsec VPN enabled
- WAN interface using an alphabetically higher network interface than the LAN interface

Here is the sequence of events. When an IPsec connection comes up, the source IP of the LAN interface is (sometimes?) added to the external WAN interface (e.g. ip addr add 192.168.4.1 dev ppp0). So an example LAN interface looks like:

    3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
        link/ether 00:1c:23:c5:b4:e6 brd ff:ff:ff:ff:ff:ff
        inet 192.168.4.1/24 brd 192.168.4.255 scope global eth1
        inet6 fe80::21c:23ff:fec5:b4e6/64 scope link
           valid_lft forever preferred_lft forever

And an example WAN interface looks like:

    18: ppp0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1492 qdisc pfifo_fast qlen 3
        link/ppp
        inet 1.2.3.4 peer 1.2.3.1/32 scope global ppp0
        inet 192.168.4.1/24 scope global ppp0

Note the odd 192.168.4.1 interface that now exists on our ppp0 DSL WAN interface. According to the OpenSwan script, this was required as a workaround to "solve SNAT/MASQUERADE problems with recent # 2.6.x kernels." There is a mystery bug reference #66215 with a commit log date November 26, 2005.

In the Samba configuration, the following settings have been set:

    bind interfaces only = Yes
    interfaces = lo eth1

Internally, Samba processes this request by:

- Probing the interfaces on the system
- Sorting the interfaces according to addresses
- Discarding duplicates

Depending on the ordering, the request to bind on eth1 (with IP 192.168.4.1 in the example) no longer exists.
Steps To Reproduce | |||||
Additional Information | |||||
Tags | No tags attached. | ||||
Relationships | |||||
Attached Files | |||||
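The condition described in this issue can be checked for on a running gateway. The following is an added example, not part of the original report or of ClearOS: it parses `ip addr` output and smb.conf text and reports any IPv4 address that sits both on an interface Samba is told to bind to and on another interface. Function names and sample inputs are constructed for illustration, and only interface names (not addresses or wildcards) in `interfaces` are handled.

```python
import re
from collections import defaultdict

# Constructed sample input, modelled on the two interfaces quoted in the report.
SAMPLE_IP_ADDR = """\
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
    inet 192.168.4.1/24 brd 192.168.4.255 scope global eth1
18: ppp0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1492 qdisc pfifo_fast qlen 3
    inet 1.2.3.4 peer 1.2.3.1/32 scope global ppp0
    inet 192.168.4.1/24 scope global ppp0
"""
SAMPLE_SMB_CONF = "[global]\nbind interfaces only = Yes\ninterfaces = lo eth1\n"

def ipv4_owners(ip_addr_output):
    """Map each IPv4 address to the set of interfaces that carry it."""
    owners, current = defaultdict(set), None
    for line in ip_addr_output.splitlines():
        head = re.match(r"\d+:\s+([^:@\s]+)", line)        # "3: eth1: <...>"
        inet = re.match(r"\s+inet\s+(\d+(?:\.\d+){3})", line)  # skips inet6
        if head:
            current = head.group(1)
        elif inet and current:
            owners[inet.group(1)].add(current)
    return owners

def samba_bind_settings(smb_conf):
    """Return (bind_interfaces_only, interface names) from smb.conf text."""
    bind_only, names = False, []
    for line in smb_conf.splitlines():
        key, _, value = line.partition("=")
        key = " ".join(key.lower().split())
        if key == "bind interfaces only":
            bind_only = value.strip().lower() in ("yes", "true", "1")
        elif key == "interfaces":
            names = value.split()
    return bind_only, names

def shadowed_bindings(ip_addr_output, smb_conf):
    """List (address, samba_iface, other_ifaces) for duplicated bound addresses."""
    bind_only, names = samba_bind_settings(smb_conf)
    if not bind_only:
        return []  # without "bind interfaces only" the report's failure does not apply
    hits = []
    for addr, ifaces in sorted(ipv4_owners(ip_addr_output).items()):
        if len(ifaces) > 1:
            for name in sorted(ifaces.intersection(names)):
                hits.append((addr, name, sorted(ifaces - {name})))
    return hits

if __name__ == "__main__":
    print(shadowed_bindings(SAMPLE_IP_ADDR, SAMPLE_SMB_CONF))
```

A non-empty result means the address Samba is expected to bind on is duplicated on another interface, which is the precondition for the lost binding described above; it does not model which duplicate Samba keeps.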
Issue History | |||||
Date Modified | Username | Field | Change | ||
2010-03-04 15:12 | user2 | New Issue | |||
2010-03-04 15:12 | user2 | Reporter | user2 => dsokoloski | ||
2010-03-04 15:12 | user2 | Status | new => confirmed | ||
2010-03-04 15:20 | user2 | Description Updated | |||
2010-03-04 15:22 | user2 | Description Updated | |||
2010-03-04 15:22 | user2 | Description Updated | |||
2010-06-02 19:56 | user2 | Checkin | |||
2010-06-02 19:56 | user2 | Note Added: 0000163 | |||
2010-06-02 19:56 | user2 | Status | confirmed => resolved | ||
2010-06-02 19:56 | user2 | Resolution | open => fixed | ||
2010-06-02 19:56 | user2 | Fixed in Version | => 5.2 | ||
2010-06-02 19:56 | user2 | Target Version | => 5.2 | ||
2010-06-02 19:57 | user2 | Status | resolved => assigned | ||
2010-06-02 19:57 | user2 | Assigned To | => user2 | ||
2010-06-02 19:57 | user2 | Status | assigned => resolved | ||
2010-07-14 16:42 | user2 | Status | resolved => closed | ||
2013-01-31 13:49 | user2 | Category | app-ipsec - IPsec VPN => (No Category) | ||
2013-01-31 13:50 | user2 | Category | (No Category) => app-ipsec - IPsec Engine |