[Openswan Users] ASSERTION FAILED Request for Help

David Klann dxklann at gmail.com
Fri Mar 7 11:38:34 EST 2008 

Hi,

I'm hoping this is a case of not reading or not fully understanding
the directions.

I'm running kernel 2.6.24-gentoo-r3 (kernel version 2.6.24.3) with
openswan 2.4.12 (from openswan.org). It appears as if my main problem
at present is shown in the following pluto log message (note the
"ASSERTION FAILED" message in the tenth line). This enters the log
immediately after running "sudo ipsec setup start":

Mar  7 10:15:33 host ipsec__plutorun: Restarting Pluto subsystem...
Mar  7 10:15:33 host ipsec__plutorun: Unknown default RSA hostkey scheme, not generating a default hostkey
Mar  7 10:15:33 host pluto[12237]: Starting Pluto (Openswan Version 2.4.12 PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR; Vendor ID OEKBzdY{wM]@)
Mar  7 10:15:33 host pluto[12237]: Setting NAT-Traversal port-4500 floating to on
Mar  7 10:15:33 host pluto[12237]:    port floating activation criteria nat_t=1/port_fload=1
Mar  7 10:15:33 host pluto[12237]:   including NAT-Traversal patch (Version 0.6c)
Mar  7 10:15:33 host pluto[12237]: ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0)
Mar  7 10:15:33 host pluto[12237]: no helpers will be started, all cryptographic operations will be done inline
Mar  7 10:15:33 host pluto[12237]: Using NETKEY IPsec interface code on 2.6.24-gentoo-r3
Mar  7 10:15:34 host pluto[12237]: ASSERTION FAILED at kernel_alg.c:264: buflen>0
Mar  7 10:15:34 host pluto[12237]: %myid = (none)
Mar  7 10:15:34 host pluto[12237]: debug none
Mar  7 10:15:34 host pluto[12237]:  
Mar  7 10:15:34 host pluto[12237]:  
Mar  7 10:15:34 host pluto[12237]: algorithm IKE encrypt: id=5, name=OAKLEY_3DES_CBC, blocksize=8, keydeflen=192
Mar  7 10:15:34 host pluto[12237]: algorithm IKE encrypt: id=7, name=OAKLEY_AES_CBC, blocksize=16, keydeflen=128
Mar  7 10:15:34 host pluto[12237]: algorithm IKE hash: id=1, name=OAKLEY_MD5, hashsize=16
Mar  7 10:15:34 host pluto[12237]: algorithm IKE hash: id=2, name=OAKLEY_SHA1, hashsize=20
Mar  7 10:15:34 host pluto[12237]: algorithm IKE dh group: id=2, name=OAKLEY_GROUP_MODP1024, bits=1024
Mar  7 10:15:34 host pluto[12237]: algorithm IKE dh group: id=5, name=OAKLEY_GROUP_MODP1536, bits=1536
Mar  7 10:15:34 host pluto[12237]: algorithm IKE dh group: id=14, name=OAKLEY_GROUP_MODP2048, bits=2048
Mar  7 10:15:34 host pluto[12237]: algorithm IKE dh group: id=15, name=OAKLEY_GROUP_MODP3072, bits=3072
Mar  7 10:15:34 host pluto[12237]: algorithm IKE dh group: id=16, name=OAKLEY_GROUP_MODP4096, bits=4096
Mar  7 10:15:34 host pluto[12237]: algorithm IKE dh group: id=17, name=OAKLEY_GROUP_MODP6144, bits=6144
Mar  7 10:15:34 host pluto[12237]: algorithm IKE dh group: id=18, name=OAKLEY_GROUP_MODP8192, bits=8192
Mar  7 10:15:34 host pluto[12237]:  
Mar  7 10:15:34 host pluto[12237]: stats db_ops.c: {curr_cnt, total_cnt, maxsz} :context={0,0,0} trans={0,0,0} attrs={0,0,0} 

Here is the output of lsmod for the current kernel:

Module                  Size  Used by
xfrm_user              19072  0 
xfrm4_tunnel            2304  0 
af_key                 28944  0 
ipcomp                  5128  0 
esp4                    5504  0 
ah4                     4480  0 
aes_i586               32372  0 
des_generic            16128  0 
sha1_generic            2176  0 
sha256_generic         10880  0 


I see the "ASSERTION FAILED" message in the log file with version
2.4.11 as well. (Openswan version 2.4.11 is the current version in
Gentoo Portage.) Running openswan 2.5.17 reports that my kernel has
both KLIPS and NETKEY enabled.

Any thoughts about what I'm doing wrong?

Thanks!

 -David Klann

More information about the Users mailing list