Possible nasty side effect on Debian if OpenSWAN is used

IWETHEY v. 0.3.0 | TODO

1,095 registered users | 0 active users | 1 LpH | Statistics
Login | Create New User

Welcome to IWETHEY!

Post #388,593

by scoenye

4/15/14 7:05:35 PM

Possible nasty side effect on Debian if OpenSWAN is used

Installing the Heartbleed fix (openssl 1.0.1e-2+deb7u6) on a box that uses openswan 1:2.6.37-3+deb7u1 breaks all tunnels. Openswan +deb7u1 version is a security update released in 2013. Falling back to the vanilla Wheezy version allows the tunnels to be reestablished (if you can live with the vulnerability +deb7u1 patched.)

I have not been able to get to the very bottom yet. It is possible something in the IPSec config no longer pass muster, or that another update is playing into this. The only visible symptom is that both ends suddenly reject each others certificates with an INVALID_ID_INFORMATION error.

Heartbleed and OpenSSL - (folkert) - (27) - April 8, 2014, 10:09:41 AM EDT

Re: Heartbleed and OpenSSL - (pwhysall) - (6) - April 8, 2014, 05:52:36 PM EDT

#1353 - (Another Scott) - (1) - April 9, 2014, 08:24:36 AM EDT

:0) -NT - (mmoffitt) - April 9, 2014, 08:43:36 AM EDT

Well dammit -NT - (drook) - April 9, 2014, 11:12:36 AM EDT

It is even more fun than that - (scoenye) - (1) - April 9, 2014, 06:42:50 PM EDT

Look for "pacemaker" as related to heartbleed... - (folkert) - April 10, 2014, 01:53:52 AM EDT

Amazing... - (folkert) - April 10, 2014, 01:47:49 AM EDT

It now has its own website.. - (Ashton) - (2) - April 9, 2014, 04:50:04 PM EDT

Most damning point IMO - (drook) - (1) - April 9, 2014, 05:01:17 PM EDT

Yes... this. ^^^ -NT - (folkert) - April 10, 2014, 01:52:43 AM EDT

XKCD is cool today - (drook) - (1) - April 11, 2014, 01:34:52 PM EDT

wow - (crazy) - April 11, 2014, 01:50:42 PM EDT

SJMN: White House and NSA deny they knew about it. - (Another Scott) - (10) - April 11, 2014, 09:31:33 PM EDT

Re: SJMN: White House and NSA deny they knew about it. - (pwhysall) - (9) - April 14, 2014, 07:29:44 AM EDT

I find this comment at Wonkette plausible. - (Another Scott) - (4) - April 14, 2014, 08:04:31 AM EDT

Note the followup if you use Chrome. - (Another Scott) - (3) - April 14, 2014, 08:56:04 AM EDT

So Google doesn't understand the implications of... - (a6l6e6x) - (2) - April 14, 2014, 12:18:46 PM EDT

Deliberately turned off as of 2012 - (scoenye) - (1) - April 15, 2014, 06:44:12 PM EDT

I wonder if "Lifelock" is getting a spike in business... :-( -NT - (Another Scott) - April 15, 2014, 07:19:35 PM EDT

Hola Peter.. Query: - (Ashton) - (3) - April 14, 2014, 08:18:39 PM EDT

Re: Hola Peter.. Query: - (pwhysall) - (2) - April 15, 2014, 03:42:33 AM EDT

hehe. -NT - (Another Scott) - April 15, 2014, 08:27:48 AM EDT

No they wouldn't ... they've got Policies -NT - (drook) - April 15, 2014, 08:37:53 AM EDT

And it's exactly as bad as stated. - (pwhysall) - (2) - April 14, 2014, 07:36:53 AM EDT

Damn! - (a6l6e6x) - April 14, 2014, 12:33:20 PM EDT

Irony. - (static) - April 15, 2014, 10:32:00 PM EDT

Possible nasty side effect on Debian if OpenSWAN is used - (scoenye) - April 15, 2014, 07:05:35 PM EDT

iwethey.org

Dein Glück... ist nicht mein Glück... ist mein Unglück.
63 ms