[Openswan dev] [Openswan Users] pluto traps in aggressive mode with 2.6.24rc4

Paul Wouters paul at xelerance.com
Fri Oct 15 14:15:31 EDT 2010


On Fri, 15 Oct 2010, Murat Sezgin wrote:

> We are running this version of openswan on our 2 ubicom32 based routers
> to establish site-to-site VPN. Main mode works fine, but if we switch to
> aggressive mode, pluto crashes on the responder side router. Because of
> some limitations of our processor (no-MMU), we are passing the pluto
> options a little differently. We are not using an ipsec.conf file. So I
> cannot send you a conf file now. The pluto and whack options are as below
> that we passed.
> 
> PLUTO_OPTIONS=--nofork --ikeport 500 --secretsfile
> /etc/ipsec/ipsec.secrets --ctlbase /var/run/pluto/pluto --interface
> eth0.1  --nat_traversal --force_keepalive  --debug-all --stderrlog
> --virtual_private
> %v4:192.168.0.0/16,%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:!192.168.1.0/24

You should add --nhelpers=0 since you probably also don't have a real
fork() but an alias to vfork().

> (gdb) bt
> #0  0x42a276a0 in complete_v1_state_transition (mdp=0x427492a0,
> result=STF_INLINE)
>     at /scratch2/twu/openwrt_vpnrouter/ubicom-linux-dist-1.2.1/openwrt/build_dir/linux-ubicom32_IP7160RGW/openswan-2.6.24rc4/programs/pluto/ikev1.c:1886

That corresponds to:

     /* If state has DPD support, import it */
     if( st && md->dpd && st->hidden_variables.st_dpd != md->dpd) {
         DBG(DBG_DPD, DBG_log("peer supports dpd"));
         st->hidden_variables.st_dpd = md->dpd;

Can you tell us what's in those variables for you? Specifically st, md->dpd
and st->hidden_variables.st_dpd?

> It seems, in the complete_v1_state_transition() function the *mdp comes
> corrupted. Because we are assigning its value to "struct msg_digest *md"
> and md->st always shows an invalid memory address which is not in the
> address range of our memory.
> 
> I wonder, if somebody has seen this crash. And our config options are
> true on above?

I have not seen this before. But of course it would not hurt upgrading
to 2.6.30rc1.

Paul

