[Openswan Users] Pluto crash, kernel NULL pointer with openswan 2.6.22 and kernel 2.6.30.2

Michael Niehren michael at NIEHREN.de
Mon Jul 27 06:49:22 EDT 2009


Hi together,

i am not able to establish any VPN Connection. Pluto crashs after finishing the connection.

Attached you find my ipsec.conf and the the line's from the crash in /var/log/messages and 
/var/log/secure.

Could anybody help ?

kind regards,
  Michael

-- 
Michael Niehren              __   _       powered by
                            / /  (_)__  __ ____  __
                           / /__/ / _ \/ // /\ \/ /
                          /____/_/_//_/\_,_/ /_/\_\
-------------- next part --------------
version 2.0

config setup
        plutodebug=none
        uniqueids=yes
        nat_traversal=yes
        protostack=klips
        interfaces="ipsec0=ppp0"

conn %default
        authby=rsasig
        leftrsasigkey=%cert
        rightrsasigkey=%cert
        keyingtries=1
        keylife=20m
        ikelifetime=240m
        leftupdown=/etc/ipsec.d/scripts/updown.tux
        leftcert=public_tuxgate.niehren.de.pem
        leftid=%fromcert
        esp=aes128,aes192,aes256,3des
        ike=aes128,aes192,aes256,3des
        dpdtimeout=120
        dpddelay=30


conn buero_michael
  auto=start
  dpdaction=restart
  left=91.50.83.121
  leftsubnet=192.168.70.0/24
  right=x.x.x.x
  rightsubnet=192.168.60.0/24
  rightcert=public_tuxbuero.tuxgreen.de.pem
  rightid=%fromcert
-------------- next part --------------
2009-07-27T12:26:16.560785+02:00 tuxgate pluto: adjusting ipsec.d to /etc/ipsec.d
2009-07-27T12:26:16.571918+02:00 tuxgate ipsec__plutorun: adjusting ipsec.d to /etc/ipsec.d
2009-07-27T12:26:16.593607+02:00 tuxgate ipsec_setup: ...Openswan IPsec started
2009-07-27T12:26:16.689857+02:00 tuxgate ipsec__plutorun: 002 loading certificate from public_tuxgate.niehren.de.pem 
2009-07-27T12:26:16.690129+02:00 tuxgate ipsec__plutorun: 002   loaded host cert file '/etc/ipsec.d/certs/public_tuxgate.niehren.de.pem' (3605 bytes)
2009-07-27T12:26:16.690390+02:00 tuxgate ipsec__plutorun: 002   no subjectAltName matches ID '%fromcert', replaced by subject DN
2009-07-27T12:26:16.691220+02:00 tuxgate ipsec__plutorun: 002 loading certificate from public_tuxbuero.tuxgreen.de.pem 
2009-07-27T12:26:16.692584+02:00 tuxgate ipsec__plutorun: 002   loaded host cert file '/etc/ipsec.d/certs/public_tuxbuero.tuxgreen.de.pem' (3390 bytes)
2009-07-27T12:26:16.693510+02:00 tuxgate ipsec__plutorun: 002   no subjectAltName matches ID '%fromcert', replaced by subject DN
2009-07-27T12:26:16.695848+02:00 tuxgate ipsec__plutorun: 002 added connection description "buero_michael"
2009-07-27T12:26:16.788803+02:00 tuxgate ipsec__plutorun: 003 NAT-Traversal: Trying new style NAT-T
2009-07-27T12:26:17.097865+02:00 tuxgate ipsec__plutorun: 104 "buero_michael" #1: STATE_MAIN_I1: initiate
2009-07-27T12:26:17.637758+02:00 tuxgate kernel: BUG: unable to handle kernel NULL pointer dereference at (null)
2009-07-27T12:26:17.638741+02:00 tuxgate kernel: IP: [<e21a606d>] aes_32+0x3/0x496 [ipsec]
2009-07-27T12:26:17.638798+02:00 tuxgate kernel: *pde = 00000000 
2009-07-27T12:26:17.638843+02:00 tuxgate kernel: Oops: 0002 [#11] 
2009-07-27T12:26:17.638892+02:00 tuxgate kernel: last sysfs file: /sys/devices/platform/w83627hf.656/temp3_input
2009-07-27T12:26:17.638969+02:00 tuxgate kernel: Modules linked in: ipsec ipt_REDIRECT xt_mark xt_recent ipt_MASQUERADE iptable_nat nf_nat sch_htb xt_length iptable_mangle xt_MARK ipt_LOG xt_limit nf_conntrack_ipv4 nf_defrag_ipv4 xt_state iptable_filter ip_tables usb_storage 8139too 8139cp nfs lockd sunrpc
2009-07-27T12:26:17.639018+02:00 tuxgate kernel: 
2009-07-27T12:26:17.639066+02:00 tuxgate kernel: Pid: 10010, comm: pluto Tainted: G      D    (2.6.30.2 #1)  
2009-07-27T12:26:17.639115+02:00 tuxgate kernel: EIP: 0060:[<e21a606d>] EFLAGS: 00010202 CPU: 0
2009-07-27T12:26:17.639162+02:00 tuxgate kernel: EIP is at aes_32+0x3/0x496 [ipsec]
2009-07-27T12:26:17.639210+02:00 tuxgate kernel: EAX: d7416000 EBX: 00000208 ECX: 00000004 EDX: 00000000
2009-07-27T12:26:17.639259+02:00 tuxgate kernel: ESI: d7406000 EDI: d7416208 EBP: df27db3c ESP: df27db28
2009-07-27T12:26:17.640864+02:00 tuxgate kernel:  DS: 007b ES: 007b FS: 0000 GS: 0033 SS: 0068
2009-07-27T12:26:17.640926+02:00 tuxgate kernel: Process pluto (pid: 10010, ti=df27c000 task=de57f8a0 task.ti=df27c000)
2009-07-27T12:26:17.640969+02:00 tuxgate kernel: Stack:
2009-07-27T12:26:17.641019+02:00 tuxgate kernel:  d7416208 d7406000 00000208 df27db60 df27dbc4 df27db4c 00000202 e21a4918
2009-07-27T12:26:17.641069+02:00 tuxgate kernel:  00000000 df27db54 e21a4646 df27db78 e21a16b4 00000010 df3d5420 d7416000
2009-07-27T12:26:17.641119+02:00 tuxgate kernel:  e21cfdb8 00000003 d7406000 e21988fe df27dc70 e2186caa 00000020 000000b4
2009-07-27T12:26:17.641161+02:00 tuxgate kernel: Call Trace:
2009-07-27T12:26:17.641205+02:00 tuxgate kernel:  [<e21a4918>] ? AES_set_key+0xa/0x12 [ipsec]
2009-07-27T12:26:17.641251+02:00 tuxgate kernel:  [<e21a4646>] ? _aes_set_key+0xf/0x19 [ipsec]
2009-07-27T12:26:17.641298+02:00 tuxgate kernel:  [<e21a16b4>] ? ipsec_alg_enc_key_create+0x1cf/0x286 [ipsec]
2009-07-27T12:26:17.641345+02:00 tuxgate kernel:  [<e21988fe>] ? pfkey_key_process+0x0/0x19f [ipsec]
2009-07-27T12:26:17.642773+02:00 tuxgate kernel:  [<e2186caa>] ? ipsec_sa_init+0x4e9/0x8c0 [ipsec]
2009-07-27T12:26:17.642823+02:00 tuxgate kernel:  [<c02d6603>] ? number+0x11f/0x1da
2009-07-27T12:26:17.642868+02:00 tuxgate kernel:  [<c025d1aa>] ? __pollwait+0x0/0xa3
2009-07-27T12:26:17.642916+02:00 tuxgate kernel:  [<e219cac4>] ? pfkey_address_build+0x224/0x2b1 [ipsec]
2009-07-27T12:26:17.642961+02:00 tuxgate kernel:  [<c0405bcf>] ? inet_addr_type+0x76/0xcd
2009-07-27T12:26:17.643007+02:00 tuxgate kernel:  [<e219cc3a>] ? pfkey_extensions_free+0xa6/0xbc [ipsec]
2009-07-27T12:26:17.643054+02:00 tuxgate kernel:  [<e21988fe>] ? pfkey_key_process+0x0/0x19f [ipsec]
2009-07-27T12:26:17.643100+02:00 tuxgate kernel:  [<e2195c8b>] ? pfkey_add_parse+0x1b7/0x6e2 [ipsec]
2009-07-27T12:26:17.643147+02:00 tuxgate kernel:  [<e219b5e5>] ? pfkey_msg_parse+0x463/0x5fa [ipsec]
2009-07-27T12:26:17.643194+02:00 tuxgate kernel:  [<c0214747>] ? default_wake_function+0xb/0xd
2009-07-27T12:26:17.643242+02:00 tuxgate kernel:  [<c022547a>] ? autoremove_wake_function+0xf/0x33
2009-07-27T12:26:17.643952+02:00 tuxgate kernel:  [<e21988fe>] ? pfkey_key_process+0x0/0x19f [ipsec]
2009-07-27T12:26:17.644005+02:00 tuxgate kernel:  [<e2193c9a>] ? pfkey_msg_interp+0x236/0x296 [ipsec]
2009-07-27T12:26:17.644055+02:00 tuxgate kernel:  [<e219381e>] ? pfkey_sendmsg+0x2b0/0x3be [ipsec]
2009-07-27T12:26:17.644102+02:00 tuxgate kernel:  [<c03b6d70>] ? sock_aio_write+0xeb/0xff
2009-07-27T12:26:17.644149+02:00 tuxgate kernel:  [<c0251d2e>] ? do_sync_write+0xaa/0xe8
2009-07-27T12:26:17.644197+02:00 tuxgate kernel:  [<c022546b>] ? autoremove_wake_function+0x0/0x33
2009-07-27T12:26:17.644245+02:00 tuxgate kernel:  [<c02445f0>] ? handle_mm_fault+0x3f0/0x446
2009-07-27T12:26:17.644291+02:00 tuxgate kernel:  [<c02525bd>] ? vfs_write+0x97/0xf6
2009-07-27T12:26:17.644338+02:00 tuxgate kernel:  [<c02526b5>] ? sys_write+0x3b/0x60
2009-07-27T12:26:17.644385+02:00 tuxgate kernel:  [<c0202714>] ? sysenter_do_call+0x12/0x26
2009-07-27T12:26:17.644452+02:00 tuxgate kernel: Code: 89 e5 83 ec 08 53 56 57 8b 55 0c 8b 4d 14 81 f9 80 00 00 00 72 03 c1 e9 03 83 f9 20 74 0a 83 f9 18 74 05 b9 10 00 00 00 c1 e9 02 <89> 0a 8d 41 06 89 42 04 8b 75 10 8d 7a 08 fc 55 89 c8 f3 a5 8b 
2009-07-27T12:26:17.644524+02:00 tuxgate kernel: EIP: [<e21a606d>] aes_32+0x3/0x496 [ipsec] SS:ESP 0068:df27db28
2009-07-27T12:26:17.644719+02:00 tuxgate kernel: CR2: 0000000000000000
2009-07-27T12:26:17.644768+02:00 tuxgate kernel: ---[ end trace 8043be9f2810caf4 ]---
2009-07-27T12:26:17.647963+02:00 tuxgate ipsec__plutorun: /usr/lib/ipsec/_plutorun: line 232: 10010 Killed                  /usr/libexec/ipsec/pluto --nofork --secretsfile /etc/ipsec.secrets --ipsecdir /etc/ipsec.d --use-klips --uniqueids --nat_traversal
2009-07-27T12:26:17.653783+02:00 tuxgate ipsec__plutorun: pluto killed by SIGKILL, terminating without restart or unlock

-------------- next part --------------
2009-07-27T12:26:16.573525+02:00 tuxgate pluto[10010]: Starting Pluto (Openswan Version 2.6.22; Vendor ID OElj@]rTMBuM) pid:10010
2009-07-27T12:26:16.573856+02:00 tuxgate pluto[10010]: Setting NAT-Traversal port-4500 floating to on
2009-07-27T12:26:16.574102+02:00 tuxgate pluto[10010]:    port floating activation criteria nat_t=1/port_float=1
2009-07-27T12:26:16.574579+02:00 tuxgate pluto[10010]:    including NAT-Traversal patch (Version 0.6c)
2009-07-27T12:26:16.580875+02:00 tuxgate pluto[10010]: using /dev/urandom as source of random entropy
2009-07-27T12:26:16.586493+02:00 tuxgate pluto[10010]: ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC_SSH: Ok (ret=0)
2009-07-27T12:26:16.590981+02:00 tuxgate pluto[10010]: ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC: Ok (ret=0)
2009-07-27T12:26:16.591304+02:00 tuxgate pluto[10010]: ike_alg_register_enc(): Activating OAKLEY_SERPENT_CBC: Ok (ret=0)
2009-07-27T12:26:16.593997+02:00 tuxgate pluto[10010]: ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0)
2009-07-27T12:26:16.594257+02:00 tuxgate pluto[10010]: ike_alg_register_enc(): Activating OAKLEY_BLOWFISH_CBC: Ok (ret=0)
2009-07-27T12:26:16.594513+02:00 tuxgate pluto[10010]: ike_alg_register_hash(): Activating OAKLEY_SHA2_512: Ok (ret=0)
2009-07-27T12:26:16.594789+02:00 tuxgate pluto[10010]: ike_alg_register_hash(): Activating OAKLEY_SHA2_256: Ok (ret=0)
2009-07-27T12:26:16.595273+02:00 tuxgate pluto[10010]: starting up 1 cryptographic helpers
2009-07-27T12:26:16.596989+02:00 tuxgate pluto[10015]: using /dev/urandom as source of random entropy
2009-07-27T12:26:16.611161+02:00 tuxgate pluto[10010]: started helper pid=10015 (fd:7)
2009-07-27T12:26:16.611688+02:00 tuxgate pluto[10010]: Using KLIPS IPsec interface code on 2.6.30.2
2009-07-27T12:26:16.622316+02:00 tuxgate pluto[10010]: Changed path to directory '/etc/ipsec.d/cacerts'
2009-07-27T12:26:16.622786+02:00 tuxgate pluto[10010]: Changed path to directory '/etc/ipsec.d/aacerts'
2009-07-27T12:26:16.623093+02:00 tuxgate pluto[10010]: Changed path to directory '/etc/ipsec.d/ocspcerts'
2009-07-27T12:26:16.623402+02:00 tuxgate pluto[10010]: Changing to directory '/etc/ipsec.d/crls'
2009-07-27T12:26:16.623854+02:00 tuxgate pluto[10010]:   Warning: empty directory
2009-07-27T12:26:16.624145+02:00 tuxgate pluto[10010]: Changing to directory '/etc/ipsec.d/acerts'
2009-07-27T12:26:16.686794+02:00 tuxgate pluto[10010]: loading certificate from public_tuxgate.niehren.de.pem
2009-07-27T12:26:16.687402+02:00 tuxgate pluto[10010]:   loaded host cert file '/etc/ipsec.d/certs/public_tuxgate.niehren.de.pem' (3605 bytes)
2009-07-27T12:26:16.688663+02:00 tuxgate pluto[10010]:   no subjectAltName matches ID '%fromcert', replaced by subject DN
2009-07-27T12:26:16.689309+02:00 tuxgate pluto[10010]: loading certificate from public_tuxbuero.tuxgreen.de.pem
2009-07-27T12:26:16.690910+02:00 tuxgate pluto[10010]:   loaded host cert file '/etc/ipsec.d/certs/public_tuxbuero.tuxgreen.de.pem' (3390 bytes)
2009-07-27T12:26:16.692295+02:00 tuxgate pluto[10010]:   no subjectAltName matches ID '%fromcert', replaced by subject DN
2009-07-27T12:26:16.693210+02:00 tuxgate pluto[10010]: added connection description "buero_michael"
2009-07-27T12:26:16.778613+02:00 tuxgate pluto[10010]: listening for IKE messages
2009-07-27T12:26:16.779249+02:00 tuxgate pluto[10010]: NAT-Traversal: Trying new style NAT-T
2009-07-27T12:26:16.779546+02:00 tuxgate pluto[10010]: adding interface ipsec0/ppp0 91.50.83.121:500
2009-07-27T12:26:16.779885+02:00 tuxgate pluto[10010]: adding interface ipsec0/ppp0 91.50.83.121:4500
2009-07-27T12:26:16.780403+02:00 tuxgate pluto[10010]: loading secrets from "/etc/ipsec.secrets"
2009-07-27T12:26:16.780887+02:00 tuxgate pluto[10010]:   loaded private key file '/etc/ipsec.d/private/key_tuxgate.niehren.de.pem' (963 bytes)
2009-07-27T12:26:16.783416+02:00 tuxgate pluto[10010]: loaded private key for keyid: PPK_RSA:AwEAAcmlb
2009-07-27T12:26:17.091741+02:00 tuxgate pluto[10010]: "buero_michael" #1: initiating Main Mode
2009-07-27T12:26:17.142282+02:00 tuxgate pluto[10010]: "buero_michael" #1: received Vendor ID payload [Openswan (this version) 2.6.22 ]
2009-07-27T12:26:17.142646+02:00 tuxgate pluto[10010]: "buero_michael" #1: received Vendor ID payload [Dead Peer Detection]
2009-07-27T12:26:17.142917+02:00 tuxgate pluto[10010]: "buero_michael" #1: received Vendor ID payload [RFC 3947] method set to=109
2009-07-27T12:26:17.143222+02:00 tuxgate pluto[10010]: "buero_michael" #1: enabling possible NAT-traversal with method 4
2009-07-27T12:26:17.192856+02:00 tuxgate pluto[10010]: "buero_michael" #1: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
2009-07-27T12:26:17.193535+02:00 tuxgate pluto[10010]: "buero_michael" #1: STATE_MAIN_I2: sent MI2, expecting MR2
2009-07-27T12:26:17.295434+02:00 tuxgate pluto[10010]: packet from x.x.x.x:500: Quick Mode message is for a non-existent (expired?) ISAKMP SA
2009-07-27T12:26:17.300315+02:00 tuxgate pluto[10010]: packet from x.x.x.x:500: Quick Mode message is for a non-existent (expired?) ISAKMP SA
2009-07-27T12:26:17.313529+02:00 tuxgate pluto[10010]: packet from x.x.x.x:500: Informational Exchange is for an unknown (expired?) SA with MSGID:0x756148bf
2009-07-27T12:26:17.315376+02:00 tuxgate pluto[10010]: "buero_michael" #1: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected
2009-07-27T12:26:17.315725+02:00 tuxgate pluto[10010]: "buero_michael" #1: I am sending my cert
2009-07-27T12:26:17.315995+02:00 tuxgate pluto[10010]: "buero_michael" #1: I am sending a certificate request
2009-07-27T12:26:17.340560+02:00 tuxgate pluto[10010]: "buero_michael" #1: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
2009-07-27T12:26:17.341415+02:00 tuxgate pluto[10010]: "buero_michael" #1: STATE_MAIN_I3: sent MI3, expecting MR3
2009-07-27T12:26:17.422539+02:00 tuxgate pluto[10010]: "buero_michael" #1: received Vendor ID payload [CAN-IKEv2]
2009-07-27T12:26:17.423017+02:00 tuxgate pluto[10010]: "buero_michael" #1: Main mode peer ID is ID_DER_ASN1_DN: 'C=DE, ST=Saarland, L=Hasborn, O=tuxgreen GmbH, OU=Buero Hasborn, CN=VPN-Host-Certificate, E=tuxbuero.tuxgreen.
de'
2009-07-27T12:26:17.423525+02:00 tuxgate pluto[10010]: "buero_michael" #1: issuer cacert not found
2009-07-27T12:26:17.423806+02:00 tuxgate pluto[10010]: "buero_michael" #1: X.509 certificate rejected
2009-07-27T12:26:17.426046+02:00 tuxgate pluto[10010]: "buero_michael" #1: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4
2009-07-27T12:26:17.426391+02:00 tuxgate pluto[10010]: "buero_michael" #1: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_RSA_SIG cipher=aes_128 prf=oakley_md5 group=modp1536}
2009-07-27T12:26:17.426826+02:00 tuxgate pluto[10010]: "buero_michael" #1: Dead Peer Detection (RFC 3706): enabled
2009-07-27T12:26:17.427775+02:00 tuxgate pluto[10010]: "buero_michael" #2: initiating Quick Mode RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEv2ALLOW {using isakmp#1 msgid:60b23cae proposal=AES(12)_128-MD5(1)_128, AES(12)_128-SHA1(2)_16
0, AES(12)_192-MD5(1)_128, AES(12)_192-SHA1(2)_160, AES(12)_256-MD5(1)_128, AES(12)_256-SHA1(2)_160, 3DES(3)_192-MD5(1)_128, 3DES(3)_192-SHA1(2)_160 pfsgroup=OAKLEY_GROUP_MODP1536}
2009-07-27T12:26:17.649750+02:00 tuxgate pluto[10015]: pluto_crypto_helper: helper (0) is  normal exiting



More information about the Users mailing list