<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 TRANSITIONAL//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; CHARSET=UTF-8">
<META NAME="GENERATOR" CONTENT="GtkHTML/3.3.2">
</HEAD>
<BODY>
Does anyone have any further ideas for me to try?<BR>
<BR>
Please help,<BR>
John<BR>
<BR>
<BR>
On Fri, 2005-04-15 at 17:24 +1000, John Mravunac wrote:
<BLOCKQUOTE TYPE=CITE>
<PRE>
<FONT COLOR="#000000">Also I just noticed,</FONT>
<FONT COLOR="#000000">if when using the settings ike=3des and esp=3des, even with IP</FONT>
<FONT COLOR="#000000">forwarding turned off, you ping between the ipsec gateways, the gateway</FONT>
<FONT COLOR="#000000">on which the ping is run will kernel panic immediately.</FONT>
<FONT COLOR="#000000"> </FONT>
<FONT COLOR="#000000">-----Original Message-----</FONT>
<FONT COLOR="#000000">From: <A HREF="mailto:users-bounces@openswan.org">users-bounces@openswan.org</A> [mailto:<A HREF="mailto:users-bounces@openswan.org">users-bounces@openswan.org</A>] On</FONT>
<FONT COLOR="#000000">Behalf Of John Mravunac</FONT>
<FONT COLOR="#000000">Sent: Friday, 15 April 2005 2:27 PM</FONT>
<FONT COLOR="#000000">To: <A HREF="mailto:users@openswan.org">users@openswan.org</A></FONT>
<FONT COLOR="#000000">Subject: RE: [Openswan Users] RHEL4 pluto segmentation faults and</FONT>
<FONT COLOR="#000000">restarts</FONT>
<FONT COLOR="#000000">Adding dumpdir=/tmp did not create any dumps in /tmp, even though pluto</FONT>
<FONT COLOR="#000000">continued to seg fault and restart.</FONT>
<FONT COLOR="#000000">Adding ike=3des and esp=3des did make a difference though. Using these</FONT>
<FONT COLOR="#000000">settings, the connections come up, but then when I enable IP forwarding</FONT>
<FONT COLOR="#000000">I get a kernel panic every time. Enabling IP forwarding when ipsec is</FONT>
<FONT COLOR="#000000">stopped works fine, no panics. But as soon as ipsec is started, just</FONT>
<FONT COLOR="#000000">after the connections are loaded, the kernel panics every time.</FONT>
<FONT COLOR="#000000">Any ideas?</FONT>
<FONT COLOR="#000000">Cheers,</FONT>
<FONT COLOR="#000000">John</FONT>
<FONT COLOR="#000000">-----Original Message-----</FONT>
<FONT COLOR="#000000">From: Paul Wouters [mailto:<A HREF="mailto:paul@xelerance.com">paul@xelerance.com</A>]</FONT>
<FONT COLOR="#000000">Sent: Thursday, 14 April 2005 11:18 PM</FONT>
<FONT COLOR="#000000">To: John Mravunac</FONT>
<FONT COLOR="#000000">Cc: <A HREF="mailto:users@openswan.org">users@openswan.org</A></FONT>
<FONT COLOR="#000000">Subject: Re: [Openswan Users] RHEL4 pluto segmentation faults and</FONT>
<FONT COLOR="#000000">restarts</FONT>
<FONT COLOR="#000000">On Thu, 14 Apr 2005, John Mravunac wrote:</FONT>
<FONT COLOR="#000000">Can you add dumpdir=/tmp to config setup and check what the coredump is</FONT>
<FONT COLOR="#000000">telling you? Also, since this error seemed to be triggered by AES, can</FONT>
<FONT COLOR="#000000">you try adding ike=3des and esp=3des and see what happens?</FONT>
<FONT COLOR="#000000">Paul</FONT>
<FONT COLOR="#000000">> After experiencing many problems with running Openswan 2.3.0 on RHEL3,</FONT>
<FONT COLOR="#000000">> I decided to give RHEL4 a try. I compiled and installed both the </FONT>
<FONT COLOR="#000000">> userland and the KLIPS kernel module and everything appeared to start </FONT>
<FONT COLOR="#000000">> fine. BUT, then I noticed that no tunnels were up and pluto kept </FONT>
<FONT COLOR="#000000">> restarting after a segmentation fault:</FONT>
<FONT COLOR="#000000">></FONT>
<FONT COLOR="#000000">></FONT>
<FONT COLOR="#000000">> Apr 15 00:47:20 one kernel: Unable to handle kernel NULL pointer </FONT>
<FONT COLOR="#000000">> dereference at virtual address 00000000 Apr 15 00:47:20 one kernel:</FONT>
<FONT COLOR="#000000">> printing eip:</FONT>
<FONT COLOR="#000000">> Apr 15 00:47:20 one kernel: f8ef67cd</FONT>
<FONT COLOR="#000000">> Apr 15 00:47:20 one kernel: *pde = 3d31a067 Apr 15 00:47:20 one</FONT>
<FONT COLOR="#000000">> kernel: Oops: 0002 [#1] Apr 15 00:47:20 one kernel: Modules linked in:</FONT>
<FONT COLOR="#000000">> ipsec(U) md5 ipv6 parport_pc lp parport autofs4 i2c_dev i2c_core </FONT>
<FONT COLOR="#000000">> sunrpc button battery ac uhci_hcd ehci_hcd hw_random e1000 e100 mii</FONT>
<FONT COLOR="#000000">> tg3 floppy dm_snapshot dm_zero dm_mirror ext3 jbd dm_mod cciss sd_mod </FONT>
<FONT COLOR="#000000">> scsi_mod</FONT>
<FONT COLOR="#000000">> Apr 15 00:47:20 one kernel: CPU: 0</FONT>
<FONT COLOR="#000000">> Apr 15 00:47:20 one kernel: EIP: 0060:[<f8ef67cd>] Not tainted</FONT>
<FONT COLOR="#000000">VLI</FONT>
<FONT COLOR="#000000">> Apr 15 00:47:20 one kernel: EFLAGS: 00010202 (2.6.9-5.0.3.EL)</FONT>
<FONT COLOR="#000000">> Apr 15 00:47:20 one ipsec__plutorun: /usr/local/lib/ipsec/_plutorun:</FONT>
<FONT COLOR="#000000">> line 221: 3185 Segmentation fault /usr/local/libexec/ipsec/pluto</FONT>
<FONT COLOR="#000000">> --nofork --secr</FONT>
<FONT COLOR="#000000">> etsfile /etc/ipsec.secrets --ipsecdir /etc/ipsec.d --debug-none </FONT>
<FONT COLOR="#000000">> --uniqueids Apr 15 00:47:20 one kernel: EIP is at aes_32+0x3/0x499 </FONT>
<FONT COLOR="#000000">> [ipsec] Apr 15 00:47:20 one ipsec__plutorun: !pluto failure!: exited </FONT>
<FONT COLOR="#000000">> with error status 139 (signal 11)</FONT>
<FONT COLOR="#000000">> Apr 15 00:47:20 one kernel: eax: f7936800 ebx: 00000000 ecx:</FONT>
<FONT COLOR="#000000">> 00000004 edx: 00000000</FONT>
<FONT COLOR="#000000">> Apr 15 00:47:20 one ipsec__plutorun: restarting IPsec after pause...</FONT>
<FONT COLOR="#000000">></FONT>
<FONT COLOR="#000000">></FONT>
<FONT COLOR="#000000">> I've tried bringing up the tunnels without using the KLIPS kernel </FONT>
<FONT COLOR="#000000">> module and they appear to work fine, but I really do want all ipsec </FONT>
<FONT COLOR="#000000">> traffic to pass through an ipsec0 interface.</FONT>
<FONT COLOR="#000000">></FONT>
<FONT COLOR="#000000">> If anybody has any suggestions as to how I can fix the pluto problem </FONT>
<FONT COLOR="#000000">> or how to setup the iptables rules when the KLIPS modules is not used,</FONT>
<FONT COLOR="#000000">> I'd be extremely appreciative!</FONT>
<FONT COLOR="#000000">></FONT>
<FONT COLOR="#000000">> Regards,</FONT>
<FONT COLOR="#000000">> John Mravunac</FONT>
<FONT COLOR="#000000">></FONT>
<FONT COLOR="#000000">></FONT>
<FONT COLOR="#000000">></FONT>
<FONT COLOR="#000000">></FONT>
<FONT COLOR="#000000">> _______________________________________________</FONT>
<FONT COLOR="#000000">> Users mailing list</FONT>
<FONT COLOR="#000000">> <A HREF="mailto:Users@openswan.org">Users@openswan.org</A></FONT>
<FONT COLOR="#000000">> <A HREF="http://lists.openswan.org/mailman/listinfo/users">http://lists.openswan.org/mailman/listinfo/users</A></FONT>
<FONT COLOR="#000000">></FONT>
<FONT COLOR="#000000">-- </FONT>
<FONT COLOR="#000000">As time passes hardware approaches the effectiveness of a rock and the</FONT>
<FONT COLOR="#000000">reliability of a crack addict.</FONT>
<FONT COLOR="#000000"> --- Naubert's law</FONT>
<FONT COLOR="#000000">_______________________________________________</FONT>
<FONT COLOR="#000000">Users mailing list</FONT>
<FONT COLOR="#000000"><A HREF="mailto:Users@openswan.org">Users@openswan.org</A></FONT>
<FONT COLOR="#000000"><A HREF="http://lists.openswan.org/mailman/listinfo/users">http://lists.openswan.org/mailman/listinfo/users</A></FONT>
<FONT COLOR="#000000">_______________________________________________</FONT>
<FONT COLOR="#000000">Users mailing list</FONT>
<FONT COLOR="#000000"><A HREF="mailto:Users@openswan.org">Users@openswan.org</A></FONT>
<FONT COLOR="#000000"><A HREF="http://lists.openswan.org/mailman/listinfo/users">http://lists.openswan.org/mailman/listinfo/users</A></FONT>
</PRE>
</BLOCKQUOTE>
</BODY>
</HTML>