[Openswan Users] Fwd: Openswan 2.3.1 - Sig ABRT during rekeying (w/ attachs)

Jorge Daniel Sequeira Matias martin at andorinha.ist.utl.pt
Fri Apr 22 14:27:19 CEST 2005


  Hello everyone,

  I have just started to use Openswan a few days ago and I have found a
critical BUG, I suppose.

  First, I'd like to describe my setup:

  - Athlon MP 2000+ (with only one CPU at the moment)
  - 1024MB ECC RAM

  - Kernel 2.6.11 (vanilla)
  - Distribution Debian (unstable)
  - SNMPd (just in case. I saw a few msgs about this subject)

  The intent of this system is to serve as a VPN Server and Firewall
 solution. I want to use the Windows builtin VPN client (IPSec/L2TP) and I
 want the clients, being behind NAT boxes, to be able to connect to the VPN
 server. So far so good, because it works with Openswan.

  The problem is:

  With Openswan 2.3.0 (debian pkg) I had segmentation faults during some of
the NAT-T KEEPALIVE events.
  Openswan v2.3.1 (original source) has segmentation faults during SA
renegotiation. It does not seem to be very predictable because it doesn't
happen on every renegotiation.

  Attached I send two log files from the moment of the events:

     /var/log/daemon.log
     /var/log/auth.log

  I also send my config file as an attachment (/etc/ipsec.conf)


  I hope this will help to track down the BUG. It occurs occasionally but is
sufficiently problematic for most users that don't understand what happened
with their VPN connection.

Best Regards,
Jorge Matias
-------------- next part --------------
A non-text attachment was scrubbed...
Name: auth.log
Type: text/x-log
Size: 24687 bytes
Desc: not available
Url : http://lists.openswan.org/pipermail/users/attachments/20050422/045235f2/auth-0001.bin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: daemon.log
Type: text/x-log
Size: 926 bytes
Desc: not available
Url : http://lists.openswan.org/pipermail/users/attachments/20050422/045235f2/daemon-0001.bin
-------------- next part --------------
# /etc/ipsec.conf - Openswan IPsec configuration file
# RCSID $Id: ipsec.conf.in,v 1.13 2004/03/24 04:14:39 ken Exp $

# This file:  /usr/share/doc/openswan/ipsec.conf-sample
#
# Manual:     ipsec.conf.5


version	2.0	# conforms to second version of ipsec.conf specification

# basic configuration
config setup
	# Debug-logging controls:  "none" for (almost) none, "all" for lots.
	# klipsdebug=none
	plutodebug="control parsing"
        # plutodebug="all"
        interfaces=%defaultroute
        forwardcontrol=yes
        nat_traversal=yes
#        virtual_private=

# Add connections here

# All the general parameters that every connection will inherit are
# specified here.
conn %default
	keyingtries=1
	compress=yes
	disablearrivalcheck=no
	authby=rsasig
	leftrsasigkey=%cert
	rightrsasigkey=%cert
	pfs=no

# Parameter configuration for L2TP/IPSec for Windows clients
# Inherits the generic parameters of the "roadwarrior" connection.
# NOTE: The Windows 2000/XP client does not support PFS
conn roadwarrior-l2tp-updatedwin
	pfs=no
	leftprotoport=17/1701
	rightprotoport=17/1701
	also=roadwarrior

## I don't know what this type of policy is for
## It stays disabled until its necessity has been tested
conn roadwarrior-l2tp
	pfs=no
	leftprotoport=17/0
	rightprotoport=17/1701
	also=roadwarrior

conn roadwarrior-l2tp-macosx
	pfs=no
	leftprotoport=17/1701
	rightprotoport=17/%any
	also=roadwarrior

conn roadwarrior
	left=%defaultroute
	leftcert=vpncert.pem
	right=%any
	auto=add                   # Indicates that this IPSec policy
                                   # is automatically installed as soon as
                                   # OpenS/Wan starts
	type=transport



#Disable Opportunistic Encryption
include /etc/ipsec.d/examples/no_oe.conf

