<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii">
<meta name=Generator content="Microsoft Word 12 (filtered medium)">
<style>
<!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
span.EstiloDeEmail17
{mso-style-type:personal-compose;
font-family:"Calibri","sans-serif";
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;}
@page Section1
{size:612.0pt 792.0pt;
margin:70.85pt 3.0cm 70.85pt 3.0cm;}
div.Section1
{page:Section1;}
-->
</style>
<!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang=PT-BR link=blue vlink=purple>
<div class=Section1>
<p class=MsoNormal><span lang=EN-US>Hello again,<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p>
<p class=MsoNormal><span lang=EN-US>After kernel crashes with kernel-2.6.18
(CentOS) and 2.6.23 (FC7) with openswan-2.6.23 KLIPS, I decided to give fedora9
with kernel 2.6.27.25 a try. I can compile and install openswan-2.6.23 and KLIPS
module, but when connecting a L2TP/IPSEC client (vista) I get:<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p>
<p class=MsoNormal><span lang=EN-US>/var/log/messages:<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>Oct 2 12:34:26 inet ipsec__plutorun:
/usr/local/lib/ipsec/_plutorun: line 232: 2286 Segmentation fault
/usr/local/libexec/ipsec/pluto --nofork --secretsfile /etc/ipsec.secrets
--ipsecdir /etc/ipsec.d --use-klips --uniqueids --nat_traversal
--virtual_private
%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:!192.168.0.0/24,%v4:172.16.0.0/12<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>Oct 2 12:34:26 inet ipsec__plutorun:
!pluto failure!: exited with error status 139 (signal 11)<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p>
<p class=MsoNormal><span lang=EN-US>/var/log/secure:<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>Oct 2 12:34:26 inet pluto[2286]: packet
from 192.168.1.5:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000006]<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>Oct 2 12:34:26 inet pluto[2286]: packet
from 192.168.1.5:500: received Vendor ID payload [RFC 3947] method set to=109<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>Oct 2 12:34:26 inet pluto[2286]: packet
from 192.168.1.5:500: received Vendor ID payload
[draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 109<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>Oct 2 12:34:26 inet pluto[2286]: packet
from 192.168.1.5:500: ignoring Vendor ID payload [FRAGMENTATION]<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>Oct 2 12:34:26 inet pluto[2286]: packet
from 192.168.1.5:500: ignoring Vendor ID payload [MS-Negotiation Discovery
Capable]<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>Oct 2 12:34:26 inet pluto[2286]: packet
from 192.168.1.5:500: ignoring Vendor ID payload [Vid-Initial-Contact]<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>Oct 2 12:34:26 inet pluto[2286]: packet
from 192.168.1.5:500: ignoring Vendor ID payload [IKE CGA version 1]<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>Oct 2 12:34:26 inet pluto[2286]:
"MR-Empresa"[1] 192.168.1.5 #1: responding to Main Mode from unknown
peer 192.168.1.5<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>Oct 2 12:34:26 inet pluto[2286]:
"MR-Empresa"[1] 192.168.1.5 #1: OAKLEY_GROUP 20 not supported.
Attribute OAKLEY_GROUP_DESCRIPTION<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>Oct 2 12:34:26 inet pluto[2286]:
"MR-Empresa"[1] 192.168.1.5 #1: OAKLEY_GROUP 19 not supported.
Attribute OAKLEY_GROUP_DESCRIPTION<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>Oct 2 12:34:26 inet pluto[2286]:
"MR-Empresa"[1] 192.168.1.5 #1: transition from state STATE_MAIN_R0
to state STATE_MAIN_R1<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>Oct 2 12:34:26 inet pluto[2286]:
"MR-Empresa"[1] 192.168.1.5 #1: STATE_MAIN_R1: sent MR1, expecting
MI2<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>Oct 2 12:34:26 inet pluto[2286]:
"MR-Empresa"[1] 192.168.1.5 #1: NAT-Traversal: Result using RFC 3947
(NAT-Traversal): peer is NATed<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>Oct 2 12:34:26 inet pluto[2286]:
"MR-Empresa"[1] 192.168.1.5 #1: transition from state STATE_MAIN_R1
to state STATE_MAIN_R2<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>Oct 2 12:34:26 inet pluto[2286]:
"MR-Empresa"[1] 192.168.1.5 #1: STATE_MAIN_R2: sent MR2, expecting
MI3<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>Oct 2 12:34:26 inet pluto[2286]:
"MR-Empresa"[1] 192.168.1.5 #1: Main mode peer ID is ID_DER_ASN1_DN:
'C=BR, ST=Sao Paulo, L=Piracicaba, O=Teste, CN=mr.testdomain.com.br'<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>Oct 2 12:34:26 inet pluto[2286]:
"MR-Empresa"[1] 192.168.1.5 #1: I am sending my cert<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>Oct 2 12:34:26 inet pluto[2286]:
"MR-Empresa"[1] 192.168.1.5 #1: transition from state STATE_MAIN_R2
to state STATE_MAIN_R3<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>Oct 2 12:34:26 inet pluto[2286]:
"MR-Empresa"[1] 192.168.1.5 #1: new NAT mapping for #1, was
192.168.1.5:500, now 192.168.1.5:4500<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>Oct 2 12:34:26 inet pluto[2286]:
"MR-Empresa"[1] 192.168.1.5 #1: STATE_MAIN_R3: sent MR3, ISAKMP SA
established {auth=OAKLEY_RSA_SIG cipher=oakley_3des_cbc_192 prf=oakley_sha
group=modp2048}<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>Oct 2 12:34:26 inet pluto[2286]:
"MR-Empresa"[1] 192.168.1.5 #1: the peer proposed:
192.168.1.2/32:17/1701 -> 192.168.2.10/32:17/1701<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>Oct 2 12:34:26 inet pluto[2286]:
"MR-Empresa"[1] 192.168.1.5 #1: NAT-Traversal: received 2 NAT-OA.
using first, ignoring others<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>Oct 2 12:34:26 inet pluto[2286]:
"MR-Empresa"[1] 192.168.1.5 #2: responding to Quick Mode proposal
{msgid:01000000}<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>Oct 2 12:34:26 inet pluto[2286]:
"MR-Empresa"[1] 192.168.1.5 #2: us:
192.168.1.2<192.168.1.2>[+S=C]:17/1701<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>Oct 2 12:34:26 inet pluto[2286]:
"MR-Empresa"[1] 192.168.1.5 #2: them: 192.168.1.5[C=BR, ST=Sao
Paulo, L=Piracicaba, O=Teste,
CN=mr.testdomain.com.br,+S=C]:17/1701===192.168.2.10/32<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>Oct 2 12:34:26 inet pluto[2289]:
pluto_crypto_helper: helper (0) is normal exiting<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>Oct 2 12:34:37 inet ipsec__plutorun:
Restarting Pluto subsystem...<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p>
<p class=MsoNormal><span lang=EN-US>I’ve tried kernel 2.6.27.28,
2.6.27.35 and 2.6.27.35 vanilla. The behavior is always the same. I’ve
searched for this problem and found similar problems with people using openswan
2.6.20 and 2.6.21 and the recommendation is always to upgrade to 2.6.22. Unfortunately
it’s also happening with openswan-2.6.23. <o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p>
<p class=MsoNormal><span lang=EN-US>Any ideas? Anything I can do to provide you
guys with information about this?<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p>
<p class=MsoNormal><span lang=EN-US>I’m installing FC11 on another box now
to test with a newer kernel. I’ll post the results later on.<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p>
<p class=MsoNormal><span lang=EN-US>Thanks,<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>Giovani</span><o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
</div>
</body>
</html>