Control: tag -1 moreinfo On Wed, 2017-04-05 at 18:22 +1000, Russell Stuart wrote: > Package: src:linux > Version: 4.9.13-1~bpo8+1 > Severity: normal > > Dear Maintainer, > > We have a IPSec tunnel. It works under 3.16, and doesn't work under > 4.9.13. Under 4.9.13 racoon reports the isakmp setup is successfull. > Looking at it with tcdump (I've got captures, with xfrm keys) > under 4.9.13 I see ESP packets going out, but none coming in. [...]
Does the affected system have a firewall? If so, you might need to load nf_conntrack_proto_gre explicitly now (explained in <https://home.regit.org/netfilter-en/secure-use-of-helpers/>). Although it isn't obvious why only some of the GRE tunnels would be affected. Ben. -- Ben Hutchings Never attribute to conspiracy what can adequately be explained by stupidity.
signature.asc
Description: This is a digitally signed message part
