[Openswan Users] Openswan 2.1.0 on gentoo, Pluto got segmentation fault

Niki Waibel niki.waibel at newlogic.com
Mon Mar 22 10:35:45 CET 2004


maybe this is because of the crl.pem file in /etc/ipsec.d/crls.
i also had the problem that pluto died... removing the file has helped.
but of course that's no solution if you have to use a crl.

see this mail
Date: Sun, 21 Mar 2004 06:35:37 +0100 (MET)
From: Ken Bantoft <ken at xelerance.com>
To: Dennis Boylan <openswan at b-lan.com>
Subject: Re: [Openswan Users] CRLS in 2.1.0
Cc: users at lists.openswan.org

niki

On 22-Mar-2004 Wolfman wrote:
> Hi,
> I tried to setup open swan on my system, to get a VPN with Win2k clients. 
> But for some strange reason pluto won't start.
> I can't see any misconfiguration. So can anyone help?
> 
> Thanks
> Christian
> 
> Here is my demon.log:
> [...]
> Mar 21 23:18:34 Linuxserver ipsec_setup: Starting Openswan IPsec 
> U2.1.0/Kcvs2002Mär12_01:19:03...
> Mar 21 23:18:34 Linuxserver ipsec_setup: KLIPS debug `none'
> Mar 21 23:18:34 Linuxserver ipsec_setup: KLIPS ipsec0 on ppp0 
> <SomeIP>/255.255.255.255 pointopoint <SomeIP>
> Mar 21 23:18:34 Linuxserver ipsec_setup: ...Openswan IPsec started
> Mar 21 23:18:34 Linuxserver ipsec__plutorun: /usr/lib/ipsec/_plutorun: line 
> 1:  9623 Segmentation fault      /usr/libexec/ipsec/pluto --nofork 
> --secretsfile /etc/ipsec/ipsec.secrets --ipsecdir /etc/ipsec/ipsec.d 
> --uniqueids
> Mar 21 23:18:35 Linuxserver ipsec__plutorun: whack: is Pluto 
> running?  connect() for "/var/run/pluto.ctl" failed (111 Connection refused)
> Mar 21 23:18:35 Linuxserver ipsec__plutorun: ...could not add conn "p2n"
> Mar 21 23:18:35 Linuxserver ipsec__plutorun: whack: is Pluto 
> running?  connect() for "/var/run/pluto.ctl" failed (111 Connection refused)
> Mar 21 23:18:35 Linuxserver ipsec__plutorun: ...could not add conn 
> "clear-or-private"
> Mar 21 23:18:36 Linuxserver ipsec__plutorun: whack: is Pluto 
> running?  connect() for "/var/run/pluto.ctl" failed (111 Connection refused)
> Mar 21 23:18:36 Linuxserver ipsec__plutorun: ...could not add conn "n2n"
> Mar 21 23:18:36 Linuxserver ipsec__plutorun: whack: is Pluto 
> running?  connect() for "/var/run/pluto.ctl" failed (111 Connection refused)
> Mar 21 23:18:36 Linuxserver ipsec__plutorun: whack: is Pluto 
> running?  connect() for "/var/run/pluto.ctl" failed (111 Connection refused)
> Mar 21 23:18:36 Linuxserver ipsec__plutorun: ...could not route conn 
> "clear-or-private"
> Mar 21 23:18:36 Linuxserver ipsec__plutorun: !pluto failure!:  exited with 
> error status 139 (signal 11)
> Mar 21 23:18:36 Linuxserver ipsec__plutorun: restarting IPsec after pause...
> Mar 21 23:18:46 Linuxserver rc-scripts: ERROR:  wrong args. (  _autorestart 
> / _autorestart )
> Mar 21 23:18:46 Linuxserver rc-scripts: Usage: ipsec { start|stop|restart }
> Mar 21 23:18:46 Linuxserver rc-scripts:        ipsec without arguments for 
> full help
> [...]
> 
> My ipsec.conf:
> [...]
># basic configuration
> config setup
>          # Debug-logging controls:  "none" for (almost) none, "all" for lots.
>          # klipsdebug=all
>          # plutodebug=dns
> 
># Add connections here.
> 
> conn %default
>          keyingtries=1
>          compress=yes
>          disablearrivalcheck=no
>          authby=rsasig
>          rightrsasigkey=%cert
>          auto=add
>          leftrsasigkey=%cert
>          left=%defaultroute
>          leftcert=VPN-Gateway.pem
> 
> conn p2n
>          right=%any
>          leftsubnet=192.168.107.0/24
> conn n2n
>          right=%any
>          rightsubnetwithin=192.168.0.0/24
>          leftsubnet=192.168.107.0/24
> conn block
>          auto=ignore
> conn private
>          auto=ignore
> conn private-or-clear
>          auto=ignore
> conn clear
>          auto=ignore
> conn packetdefault
>          auto=ignore
> [...]
> 
> _______________________________________________
> Users mailing list
> Users at lists.openswan.org
> http://lists.openswan.org/mailman/listinfo/users
> 

-- 
niki w. waibel - system administrator @ newlogic technologies ag


More information about the Users mailing list