[Openswan Users] BUG with Freeswan/Openswan and SNMPD

Peter B. openswan at linuxnet.ch
Thu Jun 10 10:06:10 CEST 2004 

Hi List

After some months of troubleshooting I found the solution for my problem:

When you use snmpd on your vpn-machine you will get a lot of troubles!

Error behavior:

VPNs are going up and everything is working, after some time you will 
get the following message:

Jun 10 07:46:47 fw kernel: Unable to handle kernel NULL pointer 
dereference at virtual address 000000ec
Jun 10 07:46:47 fw kernel:  printing eip:
Jun 10 07:46:47 fw kernel: f8e5286f
Jun 10 07:46:47 fw kernel: *pde = 358c2067
Jun 10 07:46:47 fw kernel: *pte = 00000000
Jun 10 07:46:47 fw kernel: Oops: 0002
Jun 10 07:46:47 fw kernel: ipsec ipt_REJECT ipt_LOG ipt_multiport 
ipt_state ip_nat_tftp ip_nat_snmp_basic ip_nat_amanda ip_conntrack_tftp 
ip_conntrack_amanda iptable_filter ip_conntrack
Jun 10 07:46:47 fw kernel: CPU:    0
Jun 10 07:46:47 fw kernel: EIP:    0060:[<f8e5286f>]    Not tainted
Jun 10 07:46:47 fw kernel: EFLAGS: 00010246
Jun 10 07:46:47 fw kernel:
Jun 10 07:46:47 fw kernel: EIP is at ipsec_tunnel_ioctl [ipsec] 0x14f 
(2.4.22-1.2188.nptl_48.rhfc1.at)
.
.
.


Our vpn-machine here got an intel e100 card and two Adaptec DuraLAN 
Cards (4-Port LAN Cards with linux starfire driver).
I do a traffic-statistic with cacti 
(http://www.raxnet.net/products/cacti/) on some interfaces with snmp. 
When the first snmp-query is done then the kernel oops like described above.

As a workaround I disabled now on all our firewall/vpn gateways the 
snmpd daemon on kernel 2.4.x machines.

THIS PROBLEM DOES NOT OCCUR WHEN YOU USE KERNEL 2.6.X AND OPENSWAN!
On these machines I can use snmpd without any problems.

Disabling snmpd on the machines is a temporary workaround and not the 
solution for the problem.

Does someone know here if this is a known bug of freeswan/openswan? I 
couldn't find any other people with the same problem like I have.

Since we using openswan now for all of our vpn-tunnels this is a very 
usefull product and I want to thank the developers for this great thing!

Peter Baumann
An ISP in switzerland..

More information about the Users mailing list