[Openswan Users] Openswan 2.X stability problem...

Paul Wouters paul at xelerance.com
Wed Jan 4 18:20:22 CET 2006

On Wed, 4 Jan 2006, Laurent LAVAUD wrote:

> I notice some stability problem when i use openswan 2.X on a 2.4 or 2.6
> kernel, pluto die in a unexpected way without any error message...

If you are not using 2.4.5dr3 or 2.4.5.rc1, please upgrade and test
again. If the failure remains, please add the following lines to
ipsec.conf's config setup section:


That should give your a core dump in /tmp. Please show us a gdb trace/dump
on the error.

>       system("/usr/local/lib/ipsec/whack --name test_$i --host
> --client --nexthop --updown
> /usr/sbin/fg-vpn-updown.pl --to --host --client
> --ikelifetime 3600 --ipseclifetime 28800 --rekeymargin 540 --rekeyfuzz
> 100 --keyingtries 0 --dpddelay 30 --dpdtimeout 120 --dpdaction clear
> --esp 3des-md5! --ike 3des-md5-modp1024! --psk --encrypt --tunnel
> --delete --pfs --pfsgroup modp1024");

Those "!" should not be there. They should be ignored (we always assume strict mode).

>       system('/usr/local/lib/ipsec/whack --listen');

You should only need to issue a --listen if your ip changed. calling that in
the loop is not neccessary (and should not be done), though we shouldn't crash
on it either.


More information about the Users mailing list