From mboxrd@z Thu Jan 1 00:00:00 1970 From: ummeegge To: development@lists.ipfire.org Subject: Re: Core Update 139 (testing) report Date: Thu, 12 Dec 2019 20:59:48 +0100 Message-ID: In-Reply-To: <870f0e4f-d807-f088-76c9-a876b3eea335@ipfire.org> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============7444387838824530014==" List-Id: --===============7444387838824530014== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Hi all, after the update there are a lots of=20 sshd[17731]: error: kex_exchange_identification: Connection closed by remote = host messages. SSH was not accesible but like Peter already announced it, a restar= t fixed this. OpenVPN RW and N2N seems to work as expected. Currently here are no further complications. Erik Am Donnerstag, den 12.12.2019, 19:35 +0000 schrieb Peter M=C3=BCller: > Hello *, >=20 > upcoming Core Update 139 (testing, see:=20 > https://blog.ipfire.org/post/ipfire-2-23-core-update-139-is-available-for-t= esting > ) > is running here for about 24 hours by now, and caused major trouble > especially > related to IPsec. >=20 > First, the update did not triggered a "reboot is requried" message, > which is > obligatory since we are shipping some new Intel microcodes. Those > need a reboot > in order to be loaded into the CPU. >=20 > Second, I forgot to execute /usr/local/bin/sshctrl during update > (update.sh), > so user settings were not applied to the SSH configuration. My fault > (again). >=20 > Third, IPsec N2N connections are not set up automatically after > rebooting although > they were configured to be. Worse, something seems to go seriously > wrong, as traffic > to a destination IP address on the other side of the IPsec connection > is emitted > directly to the internet. >=20 > Surprisingly enough, connections initiated from the remote network > behind an IPsec > connection succeed and response packets apparently are sent back > through the tunnel. >=20 > Reason for this is unknown; as far as I am concerned, this Core > Update is not yet ready. > I will open bug tickets for the problems mentioned above (and others, > if necessary). >=20 > Output of "uname -a" for reference purposes: > > [root(a)maverick ~]# uname -a > > Linux maverick 4.14.154-ipfire #1 SMP Fri Nov 15 07:27:41 GMT 2019 > > x86_64 Intel(R) Celeron(R) CPU N3150 @ 1.60GHz GenuineIntel > > GNU/Linux >=20 > Thanks, and best regards, > Peter M=C3=BCller --===============7444387838824530014==--