[Openswan Users] pluto dying

Albert Siersema appie at friendly.net
Mon Nov 14 21:12:39 CET 2005


> The last log entry before pluto crashes is:
> 
> Nov 14 15:39:58 myhost pluto[18659]: packet from a.b.c.d:500: Informational Exchange is for an unknown (expired?) SA

Ooops, that was the wrong one. The core dump was dated 15:00.
And the only log entries right before that date are:
	
Nov 14 14:56:03 myhost pluto[778]: "oswan_swall" #20: replacing stale IPsec SA
Nov 14 14:56:03 myhost pluto[778]: "oswan_swall" #24: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP to replace #20 {using isakmp#22}
Nov 14 14:56:03 myhost pluto[778]: "oswan_swall" #24: Dead Peer Detection (RFC 3706): enabled
Nov 14 14:56:03 myhost pluto[778]: "oswan_swall" #24: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2
Nov 14 14:56:03 myhost pluto[778]: "oswan_swall" #24: STATE_QUICK_I2: sent QI2, IPsec SA established {ESP=>0xc7c30983 <0x254f76a2 xfrm=3DES_0-HMAC_SHA1 NATD=none DPD=enabled}

(Yes, I've turned on dead peer detection, as the person at the SonicWall side
said it was most probably enabled there too. Hoping this might fix it, but no,
unfortunately it crashes as well (as it does without DPD).)

Debug info shows:

Nov 14 14:59:57 myhost pluto[778]: | *time to handle event
Nov 14 14:59:57 myhost pluto[778]: | handling event EVENT_DPD
Nov 14 14:59:57 myhost pluto[778]: | event after this is EVENT_DPD in 0 seconds
Nov 14 14:59:57 myhost pluto[778]: | processing connection oswan_swall_tunnel2
Nov 14 14:59:57 myhost pluto[778]: | inserting event EVENT_DPD, timeout in 60 seconds for #23
Nov 14 14:59:57 myhost pluto[778]: | next event EVENT_DPD in 0 seconds for #24
Nov 14 14:59:57 myhost pluto[778]: |
Nov 14 14:59:57 myhost pluto[778]: | *time to handle event
Nov 14 14:59:57 myhost pluto[778]: | handling event EVENT_DPD
Nov 14 14:59:57 myhost pluto[778]: | event after this is EVENT_SHUNT_SCAN in 10 seconds
Nov 14 14:59:57 myhost pluto[778]: | processing connection oswan_swall
Nov 14 14:59:57 myhost pluto[778]: | inserting event EVENT_DPD, timeout in 60 seconds for #24
Nov 14 14:59:57 myhost pluto[778]: | next event EVENT_SHUNT_SCAN in 10 seconds
Nov 14 15:00:07 myhost pluto[778]: |
Nov 14 15:00:07 myhost pluto[778]: | *time to handle event
Nov 14 15:00:07 myhost pluto[778]: | handling event EVENT_SHUNT_SCAN
Nov 14 15:00:07 myhost pluto[778]: | event after this is EVENT_PENDING_PHASE2 in 1 seconds
Nov 14 15:00:07 myhost pluto[778]: | inserting event EVENT_SHUNT_SCAN, timeout in 120 seconds
Nov 14 15:00:07 myhost pluto[778]: | scanning for shunt eroutes
Nov 14 15:00:07 myhost pluto[778]: | next event EVENT_PENDING_PHASE2 in 1 seconds
Nov 14 15:00:08 myhost pluto[778]: |
Nov 14 15:00:08 myhost pluto[778]: | *time to handle event
Nov 14 15:00:08 myhost pluto[778]: | handling event EVENT_PENDING_PHASE2
Nov 14 15:00:08 myhost pluto[778]: | event after this is EVENT_DPD in 49 seconds
Nov 14 15:00:08 myhost pluto[778]: | inserting event EVENT_PENDING_PHASE2, timeout in 120 seconds
Nov 14 15:00:08 myhost pluto[778]: | pending review: connection "oswan_swall_tunnel2" checked
Nov 14 15:00:08 myhost pluto[778]: | pending review: connection "oswan_swall" checked
Nov 14 15:00:08 myhost pluto[778]: | next event EVENT_DPD in 49 seconds for #24
Nov 14 15:00:10 myhost pluto[778]: |
Nov 14 15:00:10 myhost pluto[778]: | *received 1400 bytes from e.f.g.h:500 on eth1 (port=500)
<1024 bytes hex dump snipped>
Nov 14 15:00:10 myhost pluto[778]: | **parse ISAKMP Message:
Nov 14 15:00:10 myhost pluto[778]: |    initiator cookie:
Nov 14 15:00:10 myhost pluto[778]: |   ....
Nov 14 15:00:10 myhost pluto[778]: |    responder cookie:
Nov 14 15:00:10 myhost pluto[778]: |   00 00 00 00  00 00 00 00
Nov 14 15:00:10 myhost pluto[778]: |    next payload type: ISAKMP_NEXT_SA
Nov 14 15:00:10 myhost pluto[778]: |    ISAKMP version: ISAKMP Version 1.0
Nov 14 15:00:10 myhost pluto[778]: |    exchange type: ISAKMP_XCHG_AGGR
Nov 14 15:00:10 myhost pluto[778]: |    flags: none
Nov 14 15:00:10 myhost pluto[778]: |    message ID:  00 00 00 00
Nov 14 15:00:10 myhost pluto[778]: |    length: 1400
Nov 14 15:00:10 myhost pluto[778]: |  processing packet with exchange type=ISAKMP_XCHG_AGGR (4)

This looks rather suspicious, as e.f.g.h is not actually the IP of our peer.
And besides, XCHG_AGGR?! I'm pretty sure I've compiled OpenS/WAN _without_
aggressive mode. Plus the news on ISAKMP problems and aggressive mode...

After that... nothing. pluto crashed.
See previous message for core dump info.

Any insights? News?

Thanks,
Albert
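
A log-triage sketch for the situation described in this message, added here as an example and not part of the original post or of Openswan: it pairs each `*received` line in pluto's debug output with the exchange type logged after it, and flags packets that come from an address outside the configured peers or that use aggressive mode. The sample log is constructed (documentation-range addresses, lines unwrapped), and `triage` with its parameters is a hypothetical name.

```python
import re

# Constructed sample in the pluto debug format quoted above (lines unwrapped;
# addresses are documentation ranges, not values from the post).
SAMPLE_LOG = """\
Nov 14 14:59:50 myhost pluto[778]: | *received 92 bytes from 192.0.2.10:500 on eth1 (port=500)
Nov 14 14:59:50 myhost pluto[778]: |    exchange type: ISAKMP_XCHG_INFO
Nov 14 14:59:57 myhost pluto[778]: | handling event EVENT_DPD
Nov 14 15:00:10 myhost pluto[778]: | *received 1400 bytes from 198.51.100.7:500 on eth1 (port=500)
Nov 14 15:00:10 myhost pluto[778]: |    next payload type: ISAKMP_NEXT_SA
Nov 14 15:00:10 myhost pluto[778]: |    exchange type: ISAKMP_XCHG_AGGR
"""

RECV = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ pluto\[(\d+)\]: \| "
                  r"\*received (\d+) bytes from (\S+):(\d+) on ")
XCHG = re.compile(r"pluto\[(\d+)\]: \|\s+exchange type: (\S+)")

def triage(log_text, known_peers, allow_aggressive=False):
    """Return one finding per received IKE packet that looks out of place."""
    findings = []
    pending = {}  # pid -> packet still waiting for its "exchange type" line
    for line in log_text.splitlines():
        m = RECV.search(line)
        if m:
            ts, pid, size, src, _port = m.groups()
            pkt = {"time": ts, "pid": int(pid), "src": src,
                   "bytes": int(size), "exchange": None, "reasons": []}
            pending[pid] = pkt
            if src not in known_peers:
                pkt["reasons"].append("unknown-peer")
                findings.append(pkt)
            continue
        m = XCHG.search(line)
        if m and m.group(1) in pending:
            pkt = pending.pop(m.group(1))
            pkt["exchange"] = m.group(2)
            if pkt["exchange"] == "ISAKMP_XCHG_AGGR" and not allow_aggressive:
                if not pkt["reasons"]:      # not already reported above
                    findings.append(pkt)
                pkt["reasons"].append("aggressive-mode")
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG, known_peers={"192.0.2.10"}):
        print(finding)
```

The last finding before a pluto PID stops logging is the packet to compare against the core dump timestamp.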

