[Openswan Users] Pluto core dumps FC4 + 2.3.1

Andrew Baumhauer abaumhau at neo.rr.com
Fri Jun 17 12:51:20 CEST 2005 

I'm trying to connect a FC4 box to a PIX 515.

 

I'm getting a segmentation fault when starting the connection with:

 

/usr/sbin/ipsec auto -up SOMENETWORK

 

Here's the backtrace:

 

gdb /usr/libexec/ipsec/pluto core.3442

GNU gdb Red Hat Linux (6.3.0.0-1.24rh)

Copyright 2004 Free Software Foundation, Inc.

GDB is free software, covered by the GNU General Public License, and you are

welcome to change it and/or distribute copies of it under certain
conditions.

Type "show copying" to see the conditions.

There is absolutely no warranty for GDB.  Type "show warranty" for details.

This GDB was configured as "i386-redhat-linux-gnu"...Using host libthread_db
library "/lib/libthread_db.so.1".

 

Reading symbols from shared object read from target memory...done.

Loaded system supplied DSO at 0x13e000

Core was generated by `/usr/libexec/ipsec/pluto --nofork --secretsfile
/etc/ipsec.secrets --ipsecdir /'.

Program terminated with signal 11, Segmentation fault.

 

warning: svr4_current_sos: Can't read pathname for load map: Input/output
error

 

Loaded symbols for /usr/libexec/ipsec/pluto

Reading symbols from /usr/lib/sse2/libgmp.so.3...done.

Loaded symbols for /usr/lib/sse2/libgmp.so.3

Reading symbols from /lib/libresolv.so.2...done.

Loaded symbols for /lib/libresolv.so.2

Reading symbols from /lib/libc.so.6...done.

Loaded symbols for /lib/libc.so.6

Reading symbols from /lib/ld-linux.so.2...done.

Loaded symbols for /lib/ld-linux.so.2

#0  informational (md=0x990e4b8) at demux.c:1047

1047    demux.c: No such file or directory.

        in demux.c

(gdb) bt

#0  informational (md=0x990e4b8) at demux.c:1047

#1  0x0019fcd6 in process_packet (mdp=0x21560c) at demux.c:2247

#2  0x001a0b39 in comm_handle (ifp=0x990cf20) at demux.c:1167

#3  0x00183907 in call_server () at server.c:1124

#4  0x00180b85 in main (argc=9, argv=0xbfef5554) at plutomain.c:747

 

 

Here's the interface I've made:

 

/sbin/ifconfig -a

eth0      Link encap:Ethernet  HWaddr 00:11:43:D2:1E:42  

          inet addr:192.168.1.101  Bcast:192.168.1.255  Mask:255.255.255.0

          inet6 addr: fe80::211:43ff:fed2:1e42/64 Scope:Link

          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

          RX packets:1984 errors:2 dropped:0 overruns:0 frame:2

          TX packets:1567 errors:0 dropped:0 overruns:0 carrier:0

          collisions:0 txqueuelen:1000 

          RX bytes:176864 (172.7 KiB)  TX bytes:533640 (521.1 KiB)

          Base address:0xecc0 Memory:dfae0000-dfb00000 

 

eth0:1    Link encap:Ethernet  HWaddr 00:11:43:D2:1E:42  

          inet addr:192.168.4.1  Bcast:192.168.4.255  Mask:255.255.255.0

          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

          Base address:0xecc0 Memory:dfae0000-dfb00000 

 

eth1      Link encap:Ethernet  HWaddr 00:11:43:D2:1E:43  

          inet addr:12.34.56.78  Bcast:12.34.56.xx  Mask:255.255.255.248

          inet6 addr: fe80::211:43ff:fed2:1e43/64 Scope:Link

          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

          RX packets:384 errors:0 dropped:0 overruns:0 frame:0

          TX packets:157 errors:0 dropped:0 overruns:0 carrier:0

          collisions:0 txqueuelen:1000 

          RX bytes:27380 (26.7 KiB)  TX bytes:13032 (12.7 KiB)

          Base address:0xdcc0 Memory:df8e0000-df900000

 

eth0:1 is the left network I'd like to use (I plumbed the interface) 

 

I'm running IPTABLES, but the problem exists when IPTABLES is stopped.

 

Here's the configs

# basic configuration

config setup

        # Debug-logging controls:  "none" for (almost) none, "all" for lots.

        interfaces=%defaultroute

        klipsdebug=none

        plutodebug="control parsing"

        #klipsdebug=all

        #plutodebug=all

        dumpdir=/tmp

 

include /etc/ipsec.d/*.conf

 

more *.secrets

12.34.56.78 23.45.67.89: PSK "somesecretkey"

 

conn SOMENETWORK

        # Left network

        left=12.34.56.78

        leftsubnet=192.168.4.0/24

        leftnexthop=%defaultroute

        # Right Network (PIX)

        right=23.45.67.89

        rightsubnet=xxx.yyy.28.0/24

        # No Perfect Forwarding Security

        pfs=no

        # How to authenticate

        auth=esp

        esp=aes128-md5,aes128-sha1,3des-md5,3des-sha1

        ike=aes-md5,aes-sha,3des-md5,3des-sha

        authby=secret

        keyexchange=ike

        ikelifetime=24h

        auto=add

 

I tried building the latest code from the CVS, but it won't compile because
of the following errors:

 

cc  -I/home/someuser/src/openswan/openswan-2/programs/pluto/linux26
-I/home/someuser/src/openswan/openswan-2/include
-I/home/someuser/src/openswan/openswan-2/linux/include
-DPLUTO_SENDS_VENDORID -DUSE_KEYRR  -DUSE_LWRES -DKERNEL26_SUPPORT
-DKERNEL26_HAS_KAME_DUPLICATES  -DX509_VERSION=\"X.509-1.5.4\"   -DPLUTO
-DKLIPS -DDEBUG -DGCC_LINT -DIKE_ALG -DKERNEL_ALG -DDB_CONTEXT -DAGGRESSIVE
-DXAUTH -DMODECFG  -DNAT_TRAVERSAL -DVIRTUAL_IP
-DI_KNOW_TRANSPORT_MODE_HAS_SECURITY_CONCERN_BUT_I_WANT_IT
-DSHARED_SECRETS_FILE=\"/etc/ipsec.secrets\"
-DPOLICYGROUPSDIR=\"/etc/ipsec.d/policies\"
-DPERPEERLOGDIR=\"/var/log/pluto/peer\" -g -Wall -W -Wmissing-prototypes
-Wpointer-arith -Wbad-function-cast -Wcast-qual -Wmissing-declarations
-Wwrite-strings -Wstrict-prototypes  -c ikev1_quick.c

In file included from ikev1_quick.c:72:

/home/someuser/src/openswan/openswan-2/include/kernel_alg.h:58: error: array
type has incomplete element type

/home/someuser/src/openswan/openswan-2/include/kernel_alg.h:59: error: array
type has incomplete element type

ikev1_quick.c: In function "quick_mode_hash"

ikev1_quick.c:607: warning: pointer targets in passing argument 2 of
"hmac_update" differ in signedness

make[2]: *** [ikev1_quick.o] Error 1

 

 

Hopefully, someone can help.

 

Andrew

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20050617/291d1626/attachment-0001.htm

More information about the Users mailing list