[Openswan Users] Openswan with L2TP

Sven Schiwek ml-openswan at svenux.de
Mon Sep 28 16:02:07 EDT 2009 

On Sep 23, 2009, at 7:14 PM, Paul Wouters wrote:

> On Wed, 23 Sep 2009, Vincent Bernat wrote:
>
>>> Yes. Bug #1004 has been partially solved, but there is a still a  
>>> wrong policy
>>> added to the kernel when using NETKEY with L2TP clients behind NAT.
>>
>> This means that 2.6.23 can be used for L2TP with KLIPS?
>
> As far as I know that should work, yes.
>



Hi,
I have set up an Openswan 2.6.23 configuration with L2TP and KLIPS but  
on the first connection from MacOS the Linux Server crashed with a  
Kernel panic.
Now I'm using Openswan 2.4.15 with Kernel 2.6.23.17 again - I thought  
I could upgrade to Kernel 2.6.30 and Openswan 2.6.23...

Any help is greatly appreciated.
Sven


ipsec.conf:
----8<----
version	2.0

config setup
	interfaces="ipsec0=eth0 ipsec1=eth0:3"
	virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16
	nat_traversal=yes
         plutowait=yes
         nhelpers=0
         klipsdebug=none
         plutodebug=none
         uniqueids=yes

conn MACOS
         compress=no
         authby=secret
         pfs=no
	keyingtries=3
	rekey=no
	#
         left=xxx.xxx.xxx.xxx
         leftprotoport=17/1701
         #
         right=%any
         rightprotoport=17/%any
         rightsubnet=vhost:%priv,%no
         auto=add
	dpddelay=30
	dpdtimeout=120
	dpdaction=clear
---->8----


Kernel Panic:
----8<----
BUG: unable to handle kernel NULL pointer dereference at  
0000000000000270
IP: [<ffffffffa03da3c5>] ipsec_rcv_cleanup+0x116/0x671 [ipsec]
PGD 0
Oops: 0000 [#1] SMP
last sysfs file: /sys/devices/ 
pci0000:00/0000:00:09.0/0000:10:00.0/0000:11:04.0/class
CPU 3
Modules linked in: xt_multiport vmnet vmci vmmon appletalk psnap llc  
ipsec ccm serpent blowfish twofish twofish_common ecb xcbc  
sha512_generic des_generic pppoe pppox ppp_generic slhc ipt_LOG  
xt_recent ipt_MASQUERADE xt_tcpudp iptable_nat nf_nat  
nf_conntrack_ipv4 nf_conntrack nf_defrag_ipv4 iptable_filter ip_tables  
x_tables nfsd exportfs nfs lockd nfs_acl auth_rpcgss sunrpc ipv6  
ipmi_devintf ipmi_si ipmi_msghandler mptctl sg i2c_piix4 i2c_core  
container rtc_cmos rtc_core rtc_lib processor button evdev  
sha256_generic aes_x86_64 aes_generic cbc dm_crypt dm_mirror  
dm_region_hash dm_log dm_snapshot dm_mod pata_serverworks ehci_hcd  
ohci_hcd sata_svw tg3 libphy mptsas mptscsih mptbase  
scsi_transport_sas usbcore libata serverworks thermal fan thermal_sys
Pid: 0, comm: swapper Not tainted 2.6.30-svenux-12 #2 PRIMERGY RX330 S1
RIP: 0010:[<ffffffffa03da3c5>]  [<ffffffffa03da3c5>] ipsec_rcv_cleanup 
+0x116/0x671 [ipsec]
RSP: 0018:ffff88002806da50  EFLAGS: 00010212
RAX: ffff8800c4620800 RBX: ffff8800c46a1d90 RCX: 0000000000000000
RDX: 000000000000000b RSI: 00000000ffffdb05 RDI: 0000000000000000
RBP: ffff88002806db30 R08: ffff880125f08064 R09: ffff880125f08050
R10: 0000000000000020 R11: 00000000000000ff R12: 0000000000000000
R13: 0000000000000000 R14: ffff880125f08050 R15: ffff88012649b0c0
FS:  00007f59506596e0(0000) GS:ffff88002806a000(0000) knlGS: 
0000000000000000
CS:  0010 DS: 0018 ES: 0018 CR0: 000000008005003b
CR2: 0000000000000270 CR3: 0000000000201000 CR4: 00000000000006e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Process swapper (pid: 0, threadinfo ffff880127ad8000, task  
ffff880127accc10)
Stack:
  0000000000000000 ffffffffa041fa80 0000000000000000 ffff880125f08054
  ffff88002806da80 ffffffffa03f0f07 ffff88002806dad0 ffffffffa03e9411
  57ec91c29e1547ed ffff8800c4620800 0000000000000018 ffff8800c46a1d90
Call Trace:
  <IRQ> <0> [<ffffffffa03f0f07>] ? _aes_cbc_encrypt+0xf/0x11 [ipsec]
  [<ffffffffa03e9411>] ? ipsec_rcv_esp_post_decrypt+0x315/0x349 [ipsec]
  [<ffffffffa03dacce>] ? ipsec_rcv_decap_cont+0x46/0x51a [ipsec]
  [<ffffffffa03dbbd0>] ipsec_rsm+0xd7/0x2c4 [ipsec]
  [<ffffffffa03dbe91>] klips26_rcv_encap+0xd4/0xf3 [ipsec]
  [<ffffffffa03dc1b9>] klips26_udp_encap_rcv+0x284/0x2a3 [ipsec]
  [<ffffffff8040e714>] udp_queue_rcv_skb+0xec/0x25b
  [<ffffffff8040ed3f>] __udp4_lib_rcv+0x4bc/0x78d
  [<ffffffff803e951f>] ? nf_iterate+0x43/0x80
  [<ffffffff803ef91e>] ? ip_local_deliver_finish+0x0/0x1fc
  [<ffffffff803e95bf>] ? nf_hook_slow+0x63/0xc3
  [<ffffffff8040f025>] udp_rcv+0x15/0x17
  [<ffffffff803efa42>] ip_local_deliver_finish+0x124/0x1fc
  [<ffffffff803efb8c>] ip_local_deliver+0x72/0x7a
  [<ffffffff803ef668>] ip_rcv_finish+0x2e8/0x302
  [<ffffffff803ef8e7>] ip_rcv+0x265/0x29c
  [<ffffffff803d05cd>] netif_receive_skb+0x3d5/0x3fa
  [<ffffffff803d072a>] napi_skb_finish+0x28/0x3f
  [<ffffffff803d0b01>] napi_gro_receive+0x22/0x27
  [<ffffffffa00ccb49>] tg3_poll+0x6be/0x8f2 [tg3]
  [<ffffffff803ceaee>] net_rx_action+0x71/0x132
  [<ffffffff80238032>] __do_softirq+0x70/0x106
  [<ffffffff8020ca7c>] call_softirq+0x1c/0x28
  [<ffffffff8020e2bc>] do_softirq+0x34/0x72
  [<ffffffff80237bc6>] irq_exit+0x3f/0x41
  [<ffffffff8020dba1>] do_IRQ+0xac/0xc3
  [<ffffffff8020c353>] ret_from_intr+0x0/0xa
  <EOI> <0> [<ffffffff80290200>] get_empty_filp+0x65/0x15a
  [<ffffffff80212384>] ? default_idle+0x2b/0x40
  [<ffffffff80212672>] c1e_idle+0xe1/0xe8
  [<ffffffff8024909d>] ? atomic_notifier_call_chain+0x13/0x15
  [<ffffffff8020ad9f>] cpu_idle+0x48/0x84
  [<ffffffff804443df>] start_secondary+0x195/0x19a
Code: 99 62 ff ff 48 8b 43 18 48 c7 83 d0 00 00 00 00 00 00 00 4c 89  
63 18 48 89 43 20 80 bb 30 01 00 00 00 74 7a 41 80 7e 09 04 74 73 <49>  
8b 85 70 02 00 00 48 85 c0 74 67 8b 40 04 85 c0 74 60 41 89
RIP  [<ffffffffa03da3c5>] ipsec_rcv_cleanup+0x116/0x671 [ipsec]
  RSP <ffff88002806da50>
CR2: 0000000000000270
---[ end trace 312c552888da114b ]---
Kernel panic - not syncing: Fatal exception in interrupt
Pid: 0, comm: swapper Tainted: G      D    2.6.30-svenux-12 #2
Call Trace:
  <IRQ>  [<ffffffff80446b33>] panic+0xa0/0x14b
  [<ffffffff8020c493>] ? apic_timer_interrupt+0x13/0x20
  [<ffffffff8020f4b6>] ? oops_end+0x6b/0xba
  [<ffffffff8020f4f5>] oops_end+0xaa/0xba
  [<ffffffff8022262b>] no_context+0x1ed/0x1fc
  [<ffffffff802227cc>] __bad_area_nosemaphore+0x192/0x1b8
  [<ffffffff8027312e>] ? zone_statistics+0x60/0x65
  [<ffffffff80222800>] bad_area_nosemaphore+0xe/0x10
  [<ffffffff80222a73>] do_page_fault+0xf0/0x1d5
  [<ffffffff8044948f>] page_fault+0x1f/0x30
  [<ffffffffa03da3c5>] ? ipsec_rcv_cleanup+0x116/0x671 [ipsec]
  [<ffffffffa03f0f07>] ? _aes_cbc_encrypt+0xf/0x11 [ipsec]
  [<ffffffffa03e9411>] ? ipsec_rcv_esp_post_decrypt+0x315/0x349 [ipsec]
  [<ffffffffa03dacce>] ? ipsec_rcv_decap_cont+0x46/0x51a [ipsec]
  [<ffffffffa03dbbd0>] ipsec_rsm+0xd7/0x2c4 [ipsec]
  [<ffffffffa03dbe91>] klips26_rcv_encap+0xd4/0xf3 [ipsec]
  [<ffffffffa03dc1b9>] klips26_udp_encap_rcv+0x284/0x2a3 [ipsec]
  [<ffffffff8040e714>] udp_queue_rcv_skb+0xec/0x25b
  [<ffffffff8040ed3f>] __udp4_lib_rcv+0x4bc/0x78d
  [<ffffffff803e951f>] ? nf_iterate+0x43/0x80
  [<ffffffff803ef91e>] ? ip_local_deliver_finish+0x0/0x1fc
  [<ffffffff803e95bf>] ? nf_hook_slow+0x63/0xc3
  [<ffffffff8040f025>] udp_rcv+0x15/0x17
  [<ffffffff803efa42>] ip_local_deliver_finish+0x124/0x1fc
  [<ffffffff803efb8c>] ip_local_deliver+0x72/0x7a
  [<ffffffff803ef668>] ip_rcv_finish+0x2e8/0x302
  [<ffffffff803ef8e7>] ip_rcv+0x265/0x29c
  [<ffffffff803d05cd>] netif_receive_skb+0x3d5/0x3fa
  [<ffffffff803d072a>] napi_skb_finish+0x28/0x3f
  [<ffffffff803d0b01>] napi_gro_receive+0x22/0x27
  [<ffffffffa00ccb49>] tg3_poll+0x6be/0x8f2 [tg3]
  [<ffffffff803ceaee>] net_rx_action+0x71/0x132
  [<ffffffff80238032>] __do_softirq+0x70/0x106
  [<ffffffff8020ca7c>] call_softirq+0x1c/0x28
  [<ffffffff8020e2bc>] do_softirq+0x34/0x72
  [<ffffffff80237bc6>] irq_exit+0x3f/0x41
  [<ffffffff8020dba1>] do_IRQ+0xac/0xc3
  [<ffffffff8020c353>] ret_from_intr+0x0/0xa
  <EOI>  [<ffffffff80290200>] get_empty_filp+0x65/0x15a
  [<ffffffff80212384>] ? default_idle+0x2b/0x40
  [<ffffffff80212672>] c1e_idle+0xe1/0xe8
  [<ffffffff8024909d>] ? atomic_notifier_call_chain+0x13/0x15
  [<ffffffff8020ad9f>] cpu_idle+0x48/0x84
  [<ffffffff804443df>] start_secondary+0x195/0x19a
---->8----

More information about the Users mailing list