[Openswan Users] Pluto segfault on openswan-2.6.23
Giovani Moda
giovani at mrinformatica.com.br
Fri Oct 2 15:40:31 EDT 2009
Hello again,
After kernel crashes with kernel-2.6.18 (CentOS) and 2.6.23 (FC7) with
openswan-2.6.23 KLIPS, I decided to give fedora9 with kernel 2.6.27.25 a
try. I can compile and install openswan-2.6.23 and KLIPS module, but
when connecting a L2TP/IPSEC client (vista) I get:
/var/log/messages:
Oct 2 12:34:26 inet ipsec__plutorun: /usr/local/lib/ipsec/_plutorun:
line 232: 2286 Segmentation fault /usr/local/libexec/ipsec/pluto
--nofork --secretsfile /etc/ipsec.secrets --ipsecdir /etc/ipsec.d
--use-klips --uniqueids --nat_traversal --virtual_private
%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:!192.168.0.0/24,%v4:172.16.0.0/12
Oct 2 12:34:26 inet ipsec__plutorun: !pluto failure!: exited with
error status 139 (signal 11)
/var/log/secure:
Oct 2 12:34:26 inet pluto[2286]: packet from 192.168.1.5:500: ignoring
Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000006]
Oct 2 12:34:26 inet pluto[2286]: packet from 192.168.1.5:500: received
Vendor ID payload [RFC 3947] method set to=109
Oct 2 12:34:26 inet pluto[2286]: packet from 192.168.1.5:500: received
Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but
already using method 109
Oct 2 12:34:26 inet pluto[2286]: packet from 192.168.1.5:500: ignoring
Vendor ID payload [FRAGMENTATION]
Oct 2 12:34:26 inet pluto[2286]: packet from 192.168.1.5:500: ignoring
Vendor ID payload [MS-Negotiation Discovery Capable]
Oct 2 12:34:26 inet pluto[2286]: packet from 192.168.1.5:500: ignoring
Vendor ID payload [Vid-Initial-Contact]
Oct 2 12:34:26 inet pluto[2286]: packet from 192.168.1.5:500: ignoring
Vendor ID payload [IKE CGA version 1]
Oct 2 12:34:26 inet pluto[2286]: "MR-Empresa"[1] 192.168.1.5 #1:
responding to Main Mode from unknown peer 192.168.1.5
Oct 2 12:34:26 inet pluto[2286]: "MR-Empresa"[1] 192.168.1.5 #1:
OAKLEY_GROUP 20 not supported. Attribute OAKLEY_GROUP_DESCRIPTION
Oct 2 12:34:26 inet pluto[2286]: "MR-Empresa"[1] 192.168.1.5 #1:
OAKLEY_GROUP 19 not supported. Attribute OAKLEY_GROUP_DESCRIPTION
Oct 2 12:34:26 inet pluto[2286]: "MR-Empresa"[1] 192.168.1.5 #1:
transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Oct 2 12:34:26 inet pluto[2286]: "MR-Empresa"[1] 192.168.1.5 #1:
STATE_MAIN_R1: sent MR1, expecting MI2
Oct 2 12:34:26 inet pluto[2286]: "MR-Empresa"[1] 192.168.1.5 #1:
NAT-Traversal: Result using RFC 3947 (NAT-Traversal): peer is NATed
Oct 2 12:34:26 inet pluto[2286]: "MR-Empresa"[1] 192.168.1.5 #1:
transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Oct 2 12:34:26 inet pluto[2286]: "MR-Empresa"[1] 192.168.1.5 #1:
STATE_MAIN_R2: sent MR2, expecting MI3
Oct 2 12:34:26 inet pluto[2286]: "MR-Empresa"[1] 192.168.1.5 #1: Main
mode peer ID is ID_DER_ASN1_DN: 'C=BR, ST=Sao Paulo, L=Piracicaba,
O=Teste, CN=mr.testdomain.com.br'
Oct 2 12:34:26 inet pluto[2286]: "MR-Empresa"[1] 192.168.1.5 #1: I am
sending my cert
Oct 2 12:34:26 inet pluto[2286]: "MR-Empresa"[1] 192.168.1.5 #1:
transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Oct 2 12:34:26 inet pluto[2286]: "MR-Empresa"[1] 192.168.1.5 #1: new
NAT mapping for #1, was 192.168.1.5:500, now 192.168.1.5:4500
Oct 2 12:34:26 inet pluto[2286]: "MR-Empresa"[1] 192.168.1.5 #1:
STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_RSA_SIG
cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp2048}
Oct 2 12:34:26 inet pluto[2286]: "MR-Empresa"[1] 192.168.1.5 #1: the
peer proposed: 192.168.1.2/32:17/1701 -> 192.168.2.10/32:17/1701
Oct 2 12:34:26 inet pluto[2286]: "MR-Empresa"[1] 192.168.1.5 #1:
NAT-Traversal: received 2 NAT-OA. using first, ignoring others
Oct 2 12:34:26 inet pluto[2286]: "MR-Empresa"[1] 192.168.1.5 #2:
responding to Quick Mode proposal {msgid:01000000}
Oct 2 12:34:26 inet pluto[2286]: "MR-Empresa"[1] 192.168.1.5 #2:
us: 192.168.1.2<192.168.1.2>[+S=C]:17/1701
Oct 2 12:34:26 inet pluto[2286]: "MR-Empresa"[1] 192.168.1.5 #2:
them: 192.168.1.5[C=BR, ST=Sao Paulo, L=Piracicaba, O=Teste,
CN=mr.testdomain.com.br,+S=C]:17/1701===192.168.2.10/32
Oct 2 12:34:26 inet pluto[2289]: pluto_crypto_helper: helper (0) is
normal exiting
Oct 2 12:34:37 inet ipsec__plutorun: Restarting Pluto subsystem...
I've tried kernel 2.6.27.28, 2.6.27.35 and 2.6.27.35 vanilla. The
behavior is always the same. I've searched for this problem and found
similar problems with people using openswan 2.6.20 and 2.6.21 and the
recommendation is always to upgrade to 2.6.22. Unfortunately it's also
happening with openswan-2.6.23.
Any ideas? Anything I can do to provide you guys with information about
this?
I'm installing FC11 on another box now to test with a newer kernel. I'll
post the results later on.
Thanks,
Giovani
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20091002/99fb6bb9/attachment.html
More information about the Users
mailing list