[Openswan Users] Re: Problem with start/stop of ipsec 2.1.1

Alexander Samad alex at samad.com.au
Fri Apr 30 19:32:33 CEST 2004 

Thanks

On Mon, Apr 26, 2004 at 01:43:53PM -0500, matt-openswan at kindjal.net wrote:
> Alex,
> 
> This is related to openswan-2.1.1's pluto daemon segfaulting when
> reading a crl.pem file.  Get 2.1.2rc3, and patch x509.c thusly:
> 
> # --- cut
> --- openswan-2.1.2rc3/programs/pluto/x509.c.orig        2004-04-26 09:39:27.000000000 -0500
> +++ openswan-2.1.2rc3/programs/pluto/x509.c     2004-04-26 09:40:57.000000000 -0500
> @@ -1767,7 +1767,7 @@
>                 if (load_coded_file(filename, NULL, "crl", &blob, &pgp))
>                 {
>                     chunk_t crl_uri;
> -                   crl_uri.len = 7 + sizeof(CRL_PATH) + strlen(filename);
> +                   crl_uri.len = 8 + strlen(CRL_PATH) + strlen(filename);
>                     crl_uri.ptr = alloc_bytes(crl_uri.len + 1, "crl uri");
> 
>                     /* build CRL file URI */
> # --- cut
> 
> Now pluto won't die, and the init script won't fail to clean itself up.
> 
> Matt
> 
> 
> Alexander Samad alex at samad.com.au wrote:
> 
> > Fri Mar 26 20:07:55 CET 2004
> > 
> >     * Previous message: [Openswan Users] NAT-T and rpm
> >     * Next message: [Openswan Users] ANNOUNCE: strongSwan mailing list
> >     * created
> >     * Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
> > 
> > Hi
> > 
> > I have taken 2.1.1 and compiled and installed it on a debian testing
> > with 2.6.4 (with some netfilter patches).
> > 
> > I originally used the freeswan 2.04-1 (Debian package), worked fine but
> > no NAT-T.
> > 
> > So I have 
> > 
> > make programs
> > make install
> > 
> > updated my ipsec.conf
> > 
> > but when i do a /etc/init.d/ipsec stop I get this
> > 
> > ipsec_setup: Stopping Openswan IPsec...
> > ipsec_setup: Attempt to shut Pluto down failed!  Trying kill:
> > ipsec_setup: /usr/local/lib/ipsec/_realsetup: line 1: kill: (5577) - No
> > such process
> > 
> > 
> > and when I do a ps I still see pluto running around in the background, I
> > have tried to kill it off, but to no avail till I do something like
> > 
> > ps axuw | awk '/[p]luto/ {print $2}' | xargs kill
> > 
> > Note before I do this I can still run ipsec auto --status and sometimes
> > I get an empty but running status (ie interfaces but no conn's) and
> > other times it replies that pluto isn't running
> > 
> > does this happen to any one else
> > 
> > Any ideas where I should look to resolve this
> > 
> > Alex
> 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.openswan.org/pipermail/users/attachments/20040430/eecab4ae/attachment.bin

More information about the Users mailing list