[Openswan Users] Openswan and Nortel Interop Problem

Paul Wouters paul at xelerance.com
Thu Sep 28 12:42:49 EDT 2006


On Thu, 28 Sep 2006, Peter McGill wrote:

> /var/log/syslog:Sep 24 19:27:16 sheridan ipsec__plutorun: /usr/local/lib/ipsec/_plutorun: line 1:  1686 Segmentation fault
> /usr/local/libexec/ipsec/pluto --nofork --secretsfile /etc/ipsec.secrets --ipsecdir /etc/ipsec.d --use-auto --uniqueids
> /var/log/syslog:Sep 24 19:27:16 sheridan ipsec__plutorun: !pluto failure!:  exited with error status 139 (signal 11)
> /var/log/syslog:Sep 24 19:27:16 sheridan ipsec__plutorun: restarting IPsec after pause...

Can you enable dumpdir=/tmp and get us a gdb trace of the core file generated in /tmp/ after the crash?

> /var/log/secure:Sep 28 06:15:46 sheridan pluto[28014]: "sunoco-172-26-net-to-london-office-net" #1199: STATE_QUICK_I2: sent QI2,
> IPsec SA established {ESP=>0x0003121c <0x9c70c33b xfrm=3DES_0-HMAC_MD5 NATD=none DPD=enabled}
>
> /var/log/secure:Sep 28 06:15:52 sheridan pluto[28014]: "sunoco-172-26-net-to-london-office-net" #1196: max number of retransmissions
> (2) reached STATE_QUICK_I1

It looks like multiple rekeys are happening at the same time. Perhaps both ends are rekeying, and the initiator/responder
swap places, and one configuration is more strict than the other in what it accepts?

> /var/log/secure:Sep 28 06:26:21 sheridan pluto[28014]: "sunoco-172-16-19-net-to-london-office-net" #1201: IPsec Transform [ESP_AES
> (128), AUTH_ALGORITHM_HMAC_SHA1] refused due to strict flag

Did you specify something with md5 on the ike= or esp= line? Perhaps leave that out?

> /var/log/secure:Sep 28 06:27:28 sheridan pluto[28014]: packet from 199.212.129.226:500: received and ignored informational message
>
> /var/log/secure:Sep 28 06:27:34 sheridan pluto[28014]: "sunoco-172-26-net-to-london-office-net" #1202: initiating Quick Mode
> PSK+ENCRYPT+TUNNEL+PFS+UP to replace #1200 {using isakmp#1144}
>
> /var/log/syslog:Sep 28 06:27:34 sheridan ipsec__plutorun: /usr/local/lib/ipsec/_plutorun: line 1: 28014 Segmentation fault
> /usr/local/libexec/ipsec/pluto --nofork --secretsfile /etc/ipsec.secrets --ipsecdir /etc/ipsec.d --use-auto --uniqueids
> /var/log/syslog:Sep 28 06:27:34 sheridan ipsec__plutorun: !pluto failure!:  exited with error status 139 (signal 11)
> /var/log/syslog:Sep 28 06:27:34 sheridan ipsec__plutorun: restarting IPsec after pause...

Of course, we shouldn't crash on that.

Paul
-- 
Building and integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
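
Added example, not part of the original message and not Openswan code: a small Python triage script that pairs each pluto segfault reported by _plutorun with the last messages logged by the same pluto PID, and collects proposals refused by the strict flag. The sample log is constructed, modelled on the excerpts quoted above with wrapped lines rejoined; `triage`, `context` and the connection names are hypothetical.

```python
import re

# Constructed sample modelled on the quoted excerpts (wrapped lines rejoined,
# grep file-name prefixes dropped, placeholder connection names and peer IP).
SAMPLE_LOG = """\
Sep 28 06:26:21 sheridan pluto[28014]: "conn-a" #1201: IPsec Transform [ESP_AES (128), AUTH_ALGORITHM_HMAC_SHA1] refused due to strict flag
Sep 28 06:27:28 sheridan pluto[28014]: packet from 192.0.2.1:500: received and ignored informational message
Sep 28 06:27:34 sheridan pluto[28014]: "conn-b" #1202: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP to replace #1200 {using isakmp#1144}
Sep 28 06:27:34 sheridan ipsec__plutorun: /usr/local/lib/ipsec/_plutorun: line 1: 28014 Segmentation fault /usr/local/libexec/ipsec/pluto --nofork
Sep 28 06:27:34 sheridan ipsec__plutorun: !pluto failure!:  exited with error status 139 (signal 11)
"""

# A message logged by the pluto daemon itself: timestamp, PID, text.
PLUTO = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ pluto\[(\d+)\]: (.*)$")
# The wrapper's report that a given PID died with SIGSEGV.
CRASH = re.compile(
    r"^(\w{3}\s+\d+ [\d:]{8}) \S+ ipsec__plutorun: .*?:\s+(\d+) Segmentation fault")
STRICT = "refused due to strict flag"


def triage(log_text, context=2):
    """Return (crashes, strict_refusals) found in syslog-style text.

    Each crash carries the last `context` messages logged by the PID that
    segfaulted, i.e. what pluto was doing just before it died.
    """
    history = {}            # pid -> [(timestamp, message), ...]
    crashes, strict_refusals = [], []
    for line in log_text.splitlines():
        m = PLUTO.match(line)
        if m:
            ts, pid, msg = m.groups()
            history.setdefault(pid, []).append((ts, msg))
            if STRICT in msg:
                strict_refusals.append((ts, msg))
            continue
        m = CRASH.match(line)
        if m:
            ts, pid = m.groups()
            crashes.append({"time": ts, "pid": pid,
                            "last_events": history.get(pid, [])[-context:]})
    return crashes, strict_refusals


if __name__ == "__main__":
    found, refused = triage(SAMPLE_LOG)
    for crash in found:
        print("pluto[%s] segfault at %s" % (crash["pid"], crash["time"]))
        for ts, msg in crash["last_events"]:
            print("   %s  %s" % (ts, msg))
    for ts, msg in refused:
        print("strict refusal at %s: %s" % (ts, msg))
```

On a real host the pluto and _plutorun lines may sit in different files, as they do here (/var/log/secure and /var/log/syslog), so merge them in time order before passing the text in.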

