[Openswan Users] 2.6.24rc1 (klips) segfault on client ip change

Sven Schiwek ml-openswan at svenux.de
Wed Oct 28 20:53:16 EDT 2009 

On Oct 28, 2009, at 11:56 PM, David McCullough wrote:
> Jivin Sven Schiwek lays it down ...
>>
>> On Oct 28, 2009, at 7:48 AM, David McCullough wrote:
>>> Jivin Sven Schiwek lays it down ...
>>>>
>>>> with Openswan 2.6.24rc1 (klips) on Kernel 2.6.30.9 the pluto  
>>>> process
>>>> dies if the client ip has changed (not NATed) with this syslog
>>>> message:
>>>>
>>>> ----8<----
>> [...]
>>>> ---->8----
>>>>
>>>> From the ongoing discussion "L2TP/IPSEC response unencrypted (was
>>>> openswan-2.6.24rc1 NATed MacOS Kernel crash)" I have installed the
>>>> first patch from David "natt-oa.patch" (don't know if this is
>>>> relevant).
>>>
>>> Unfortunately it's not.  This was a klips kernel oops,  not a pluto
>>> crash.
>>> Perhaps someone can run you through getting a stack trace out of
>>> pluto ?
>>> I can't say it's something I do enough to know the best way on a
>>> desktop
>>> system ;-)
>>
>>
>>
>> Hi David,
>>
>> sorry, it was my mistake. The Linksys router is a Road Warrior and  
>> for
>> this client-type I need the option "dpdaction=clear" and not
>> "dpdaction=restart" (according to the manpage).
>
> Did that fix it ?  How long was it taking to crash before ?
> Was it after the client disappeared or when the client connected in
> for the first time ?
>
>> But I believe it's not normal that a wrong config option segfault the
>> pluto process. If I should still analyze this problem so that some
>> developer can for example add a warning message I need some debug
>> assistance, because I never debugged such a large program.
>
> If we can be sure that the problem is using dpd=restart versus
> using dpd=clear,  then I think that is a good start for someone else  
> to
> debug it.
>
> Depending on how much it affects you,  do a couple of rechecks that  
> all you
> need to change is the dpdaction.
>
> If not,  leave it at dpdaction=clear and just let us know how it  
> goes :-)
>


Hi,

I have retested the VPN connection and can definitely say that the  
dpdaction=clear is working with Road Warriors.

With the option dpdaction=restart the pluto process dies approximate 2  
minutes after the client disappear which is not surprising with the  
option "dpdtimeout=120". The first initial connection is working  
without any problems.

I hope this infos are helpful. Cheers,
Sven

More information about the Users mailing list