[Openswan Users] 2.6.24rc1 (klips) segfault on client ip change
Sven Schiwek
ml-openswan at svenux.de
Tue Oct 27 11:32:49 EDT 2009
Hi,
with Openswan 2.6.24rc1 (klips) on Kernel 2.6.30.9 the pluto process
dies if the client ip has changed (not NATed) with this syslog message:
----8<----
Oct 27 10:05:50 enterprise ipsec__plutorun: /usr/local/lib/ipsec/
_plutorun: line 245: 17205 Segmentation fault /usr/local/libexec/
ipsec/pluto --nofork --secretsf
ile /etc/ipsec.secrets --ipsecdir /etc/ipsec.d --use-auto --uniqueids
--nat_traversal --virtual_private
%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16 --nhelpers 0
Oct 27 10:05:50 enterprise kernel: [128078.705452] pluto[17205]:
segfault at 208 ip 000000000041c5ef sp 00007fffefce2560 error 4 in
pluto[400000+102000]Oct 27 10:05:50 enterprise ipsec__plutorun: !pluto
failure!: exited with error status 139 (signal 11)
Oct 27 10:05:50 enterprise ipsec__plutorun: restarting IPsec after
pause...
---->8----
From the ongoing discussion "L2TP/IPSEC response unencrypted (was
openswan-2.6.24rc1 NATed MacOS Kernel crash)" I have installed the
first patch from David "natt-oa.patch" (don't know if this is relevant).
The client site is a Linksys RV042 ipsec dsl router.
Has some one else this problem?
Thanks,
Sven
The ipsec.conf:
----8<----
version 2.0
config setup
interfaces="ipsec0=eth0 ipsec1=eth0:3"
virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16
nat_traversal=yes
plutowait=yes
nhelpers=0
klipsdebug=none
plutodebug=none
uniqueids=yes
conn rv042
type=tunnel
compress=no
authby=secret
pfs=no
keyingtries=1
ikelifetime=12h
keylife=12h
rekey=no
left=xxx.xxx.xxx.xxx
leftsubnet=0.0.0.0/0
right=%any
rightsubnet=192.168.11.0/24
auto=add
dpddelay=30
dpdtimeout=120
dpdaction=restart
conn block
auto=ignore
conn private
auto=ignore
conn private-or-clear
auto=ignore
conn clear-or-private
auto=ignore
conn clear
auto=ignore
conn packetdefault
auto=ignore
---->8----
More information about the Users
mailing list