[Openswan Users] 2.6.24rc1 (klips) segfault on client ip change
David McCullough
David_Mccullough at securecomputing.com
Wed Oct 28 18:56:13 EDT 2009
Jivin Sven Schiwek lays it down ...
>
> On Oct 28, 2009, at 7:48 AM, David McCullough wrote:
> > Jivin Sven Schiwek lays it down ...
> >> Hi,
> >>
> >> with Openswan 2.6.24rc1 (klips) on Kernel 2.6.30.9 the pluto process
> >> dies if the client ip has changed (not NATed) with this syslog
> >> message:
> >>
> >> ----8<----
> [...]
> >> ---->8----
> >>
> >> From the ongoing discussion "L2TP/IPSEC response unencrypted (was
> >> openswan-2.6.24rc1 NATed MacOS Kernel crash)" I have installed the
> >> first patch from David "natt-oa.patch" (don't know if this is
> >> relevant).
> >
> > Unfortunately it's not. This was a klips kernel oops, not a pluto
> > crash.
> > Perhaps someone can run you through getting a stack trace out of
> > pluto ?
> > I can't say it's something I do enough to know the best way on a
> > desktop
> > system ;-)
>
>
>
> Hi David,
>
> sorry, it was my mistake. The Linksys router is a Road Warrior and for
> this client-type I need the option "dpdaction=clear" and not
> "dpdaction=restart" (according to the manpage).
Did that fix it ? How long was it taking to crash before ?
Was it after the client disappeared or when the client connected in
for the first time ?
> But I believe it's not normal that a wrong config option segfault the
> pluto process. If I should still analyze this problem so that some
> developer can for example add a warning message I need some debug
> assistance, because I never debugged such a large program.
If we can be sure that the problem is using dpd=restart versus
using dpd=clear, then I think that is a good start for someone else to
debug it.
Depending on how much it affects you, do a couple of rechecks that all you
need to change is the dpdaction.
If not, leave it at dpdaction=clear and just let us know how it goes :-)
Thanks,
Davidm
--
David McCullough, david_mccullough at securecomputing.com, Ph:+61 734352815
McAfee - SnapGear http://www.snapgear.com http://www.uCdot.org
More information about the Users
mailing list