[Openswan Users] BUG with Freeswan/Openswan and SNMPD

MarekGreško gresko at thr.sk
Fri Jun 11 09:46:04 CEST 2004 

> Hi List
>
> After some months of troubleshooting I found the solution for my problem:
>
> When you use snmpd on your vpn-machine you will get a lot of troubles!
>
> Error behavior:
>
> VPNs are going up and everything is working, after some time you will
> get the following message:
>
> Jun 10 07:46:47 fw kernel: Unable to handle kernel NULL pointer
> dereference at virtual address 000000ec
> Jun 10 07:46:47 fw kernel:  printing eip:
> Jun 10 07:46:47 fw kernel: f8e5286f
> Jun 10 07:46:47 fw kernel: *pde = 358c2067
> Jun 10 07:46:47 fw kernel: *pte = 00000000
> Jun 10 07:46:47 fw kernel: Oops: 0002
> Jun 10 07:46:47 fw kernel: ipsec ipt_REJECT ipt_LOG ipt_multiport
> ipt_state ip_nat_tftp ip_nat_snmp_basic ip_nat_amanda ip_conntrack_tftp
> ip_conntrack_amanda iptable_filter ip_conntrack
> Jun 10 07:46:47 fw kernel: CPU:    0
> Jun 10 07:46:47 fw kernel: EIP:    0060:[<f8e5286f>]    Not tainted
> Jun 10 07:46:47 fw kernel: EFLAGS: 00010246
> Jun 10 07:46:47 fw kernel:
> Jun 10 07:46:47 fw kernel: EIP is at ipsec_tunnel_ioctl [ipsec] 0x14f
> (2.4.22-1.2188.nptl_48.rhfc1.at)
> .
> .
> .
>
>
> Our vpn-machine here got an intel e100 card and two Adaptec DuraLAN
> Cards (4-Port LAN Cards with linux starfire driver).
> I do a traffic-statistic with cacti
> (http://www.raxnet.net/products/cacti/) on some interfaces with snmp.
> When the first snmp-query is done then the kernel oops like described
> above.
>
> As a workaround I disabled now on all our firewall/vpn gateways the
> snmpd daemon on kernel 2.4.x machines.
>
> THIS PROBLEM DOES NOT OCCUR WHEN YOU USE KERNEL 2.6.X AND OPENSWAN!
> On these machines I can use snmpd without any problems.
>
> Disabling snmpd on the machines is a temporary workaround and not the
> solution for the problem.
>
> Does someone know here if this is a known bug of freeswan/openswan? I
> couldn't find any other people with the same problem like I have.
>
> Since we using openswan now for all of our vpn-tunnels this is a very
> usefull product and I want to thank the developers for this great thing!

I started to encounter this problem after upgrading kernel from 2.4.20-28.9 to 
2.4.20-30.9 and freeswan from 2.04 to 2.05. Upgrades were simultaneous so I 
do not know which one of upgrades caused this error. But I expect it is 
because of freeswan 2.05.

Marek
-- 
Marek Greško
THR Systems, a. s.

More information about the Users mailing list