[Openswan Users] 2.6.24rc1 (klips) segfault on client ip change
David McCullough
David_Mccullough at securecomputing.com
Wed Oct 28 02:48:16 EDT 2009
Jivin Sven Schiwek lays it down ...
> Hi,
>
> with Openswan 2.6.24rc1 (klips) on Kernel 2.6.30.9 the pluto process
> dies if the client ip has changed (not NATed) with this syslog message:
>
> ----8<----
> Oct 27 10:05:50 enterprise ipsec__plutorun: /usr/local/lib/ipsec/_plutorun: line 245: 17205 Segmentation fault /usr/local/libexec/ipsec/pluto --nofork --secretsfile /etc/ipsec.secrets --ipsecdir /etc/ipsec.d --use-auto --uniqueids --nat_traversal --virtual_private %v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16 --nhelpers 0
> Oct 27 10:05:50 enterprise kernel: [128078.705452] pluto[17205]: segfault at 208 ip 000000000041c5ef sp 00007fffefce2560 error 4 in pluto[400000+102000]
> Oct 27 10:05:50 enterprise ipsec__plutorun: !pluto failure!: exited with error status 139 (signal 11)
> Oct 27 10:05:50 enterprise ipsec__plutorun: restarting IPsec after pause...
> ---->8----
>
>
> From the ongoing discussion "L2TP/IPSEC response unencrypted (was
> openswan-2.6.24rc1 NATed MacOS Kernel crash)" I have installed the
> first patch from David "natt-oa.patch" (don't know if this is relevant).

Unfortunately it's not. This was a klips kernel oops, not a pluto crash.

Perhaps someone can run you through getting a stack trace out of pluto?
I can't say it's something I do enough to know the best way on a desktop
system ;-)

Cheers,
Davidm

> The client site is a Linksys RV042 ipsec dsl router.
>
> Does anyone else have this problem?
> Thanks,
> Sven
>
>
> The ipsec.conf:
> ----8<----
> version 2.0
>
> config setup
>     interfaces="ipsec0=eth0 ipsec1=eth0:3"
>     virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16
>     nat_traversal=yes
>     plutowait=yes
>     nhelpers=0
>     klipsdebug=none
>     plutodebug=none
>     uniqueids=yes
>
> conn rv042
>     type=tunnel
>     compress=no
>     authby=secret
>     pfs=no
>     keyingtries=1
>     ikelifetime=12h
>     keylife=12h
>     rekey=no
>     left=xxx.xxx.xxx.xxx
>     leftsubnet=0.0.0.0/0
>     right=%any
>     rightsubnet=192.168.11.0/24
>     auto=add
>     dpddelay=30
>     dpdtimeout=120
>     dpdaction=restart
>
> conn block
>     auto=ignore
>
> conn private
>     auto=ignore
>
> conn private-or-clear
>     auto=ignore
>
> conn clear-or-private
>     auto=ignore
>
> conn clear
>     auto=ignore
>
> conn packetdefault
>     auto=ignore
> ---->8----
--
David McCullough, david_mccullough at securecomputing.com, Ph:+61 734352815
McAfee - SnapGear http://www.snapgear.com http://www.uCdot.org
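
Added example, not part of the original thread or of Openswan's code: short of a full stack trace, the kernel "segfault at" line quoted above already says where pluto faulted and how. This Python sketch parses that line, decodes the x86 page-fault error code, and computes the instruction's offset into the mapped binary; the function names are made up for the example.

```python
import re

# Line copied from the syslog excerpt in the post (re-joined onto one line).
SAMPLE = ("Oct 27 10:05:50 enterprise kernel: [128078.705452] pluto[17205]: "
          "segfault at 208 ip 000000000041c5ef sp 00007fffefce2560 error 4 "
          "in pluto[400000+102000]")

# x86 Linux prints every numeric field except the pid in hex, without "0x".
SEGV_RE = re.compile(
    r"(?P<comm>[^\s\[]+)\[(?P<pid>\d+)\]: segfault at (?P<addr>[0-9a-f]+) "
    r"ip (?P<ip>[0-9a-f]+) sp (?P<sp>[0-9a-f]+) error (?P<err>[0-9a-f]+)"
    r"(?: in (?P<obj>[^\s\[]+)\[(?P<base>[0-9a-f]+)\+(?P<size>[0-9a-f]+)\])?")

def decode_error(code):
    """Decode the x86 page-fault error code bits."""
    return {
        "cause": "protection violation" if code & 1 else "page not present",
        "access": "write" if code & 2 else "read",
        "mode": "user" if code & 4 else "kernel",
        "instruction_fetch": bool(code & 16),
    }

def analyse(line):
    """Return the decoded fields of a 'segfault at' line, or None."""
    m = SEGV_RE.search(line)
    if m is None:
        return None
    addr, ip = int(m["addr"], 16), int(m["ip"], 16)
    result = {
        "comm": m["comm"], "pid": int(m["pid"]),
        "fault_addr": addr, "ip": ip, "sp": int(m["sp"], 16),
        "error": decode_error(int(m["err"], 16)),
        # An address inside the first page usually means a field was
        # accessed through a NULL pointer (address = field offset).
        "near_null": addr < 0x1000,
    }
    if m["obj"]:  # mapping info is absent when the ip is outside any VMA
        base, size = int(m["base"], 16), int(m["size"], 16)
        result.update(object=m["obj"], base=base, offset=ip - base,
                      in_mapping=base <= ip < base + size)
    return result

if __name__ == "__main__":
    for key, value in analyse(SAMPLE).items():
        hex_keys = ("fault_addr", "ip", "sp", "base", "offset")
        print(key, hex(value) if key in hex_keys else value)
```

For the line in this post that gives a user-mode read of a not-present page at 0x208, with the instruction at offset 0x1c5ef into pluto. Assuming pluto is a non-PIE executable built with symbols (the 0x400000 base suggests non-PIE), `addr2line -f -e /usr/local/libexec/ipsec/pluto 0x41c5ef` would name the faulting function.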