[Openswan Users] Openswan with L2TP
Sven Schiwek
ml-openswan at svenux.de
Mon Sep 28 16:02:07 EDT 2009
On Sep 23, 2009, at 7:14 PM, Paul Wouters wrote:
> On Wed, 23 Sep 2009, Vincent Bernat wrote:
>
>>> Yes. Bug #1004 has been partially solved, but there is a still a
>>> wrong policy
>>> added to the kernel when using NETKEY with L2TP clients behind NAT.
>>
>> This means that 2.6.23 can be used for L2TP with KLIPS?
>
> As far as I know that should work, yes.
>
Hi,
I have set up an Openswan 2.6.23 configuration with L2TP and KLIPS but
on the first connection from MacOS the Linux Server crashed with a
Kernel panic.
Now I'm using Openswan 2.4.15 with Kernel 2.6.23.17 again - I thought
I could upgrade to Kernel 2.6.30 and Openswan 2.6.23...
Any help is greatly appreciated.
Sven
ipsec.conf:
----8<----
version 2.0
config setup
interfaces="ipsec0=eth0 ipsec1=eth0:3"
virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16
nat_traversal=yes
plutowait=yes
nhelpers=0
klipsdebug=none
plutodebug=none
uniqueids=yes
conn MACOS
compress=no
authby=secret
pfs=no
keyingtries=3
rekey=no
#
left=xxx.xxx.xxx.xxx
leftprotoport=17/1701
#
right=%any
rightprotoport=17/%any
rightsubnet=vhost:%priv,%no
auto=add
dpddelay=30
dpdtimeout=120
dpdaction=clear
---->8----
Kernel Panic:
----8<----
BUG: unable to handle kernel NULL pointer dereference at
0000000000000270
IP: [<ffffffffa03da3c5>] ipsec_rcv_cleanup+0x116/0x671 [ipsec]
PGD 0
Oops: 0000 [#1] SMP
last sysfs file: /sys/devices/
pci0000:00/0000:00:09.0/0000:10:00.0/0000:11:04.0/class
CPU 3
Modules linked in: xt_multiport vmnet vmci vmmon appletalk psnap llc
ipsec ccm serpent blowfish twofish twofish_common ecb xcbc
sha512_generic des_generic pppoe pppox ppp_generic slhc ipt_LOG
xt_recent ipt_MASQUERADE xt_tcpudp iptable_nat nf_nat
nf_conntrack_ipv4 nf_conntrack nf_defrag_ipv4 iptable_filter ip_tables
x_tables nfsd exportfs nfs lockd nfs_acl auth_rpcgss sunrpc ipv6
ipmi_devintf ipmi_si ipmi_msghandler mptctl sg i2c_piix4 i2c_core
container rtc_cmos rtc_core rtc_lib processor button evdev
sha256_generic aes_x86_64 aes_generic cbc dm_crypt dm_mirror
dm_region_hash dm_log dm_snapshot dm_mod pata_serverworks ehci_hcd
ohci_hcd sata_svw tg3 libphy mptsas mptscsih mptbase
scsi_transport_sas usbcore libata serverworks thermal fan thermal_sys
Pid: 0, comm: swapper Not tainted 2.6.30-svenux-12 #2 PRIMERGY RX330 S1
RIP: 0010:[<ffffffffa03da3c5>] [<ffffffffa03da3c5>] ipsec_rcv_cleanup
+0x116/0x671 [ipsec]
RSP: 0018:ffff88002806da50 EFLAGS: 00010212
RAX: ffff8800c4620800 RBX: ffff8800c46a1d90 RCX: 0000000000000000
RDX: 000000000000000b RSI: 00000000ffffdb05 RDI: 0000000000000000
RBP: ffff88002806db30 R08: ffff880125f08064 R09: ffff880125f08050
R10: 0000000000000020 R11: 00000000000000ff R12: 0000000000000000
R13: 0000000000000000 R14: ffff880125f08050 R15: ffff88012649b0c0
FS: 00007f59506596e0(0000) GS:ffff88002806a000(0000) knlGS:
0000000000000000
CS: 0010 DS: 0018 ES: 0018 CR0: 000000008005003b
CR2: 0000000000000270 CR3: 0000000000201000 CR4: 00000000000006e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Process swapper (pid: 0, threadinfo ffff880127ad8000, task
ffff880127accc10)
Stack:
0000000000000000 ffffffffa041fa80 0000000000000000 ffff880125f08054
ffff88002806da80 ffffffffa03f0f07 ffff88002806dad0 ffffffffa03e9411
57ec91c29e1547ed ffff8800c4620800 0000000000000018 ffff8800c46a1d90
Call Trace:
<IRQ> <0> [<ffffffffa03f0f07>] ? _aes_cbc_encrypt+0xf/0x11 [ipsec]
[<ffffffffa03e9411>] ? ipsec_rcv_esp_post_decrypt+0x315/0x349 [ipsec]
[<ffffffffa03dacce>] ? ipsec_rcv_decap_cont+0x46/0x51a [ipsec]
[<ffffffffa03dbbd0>] ipsec_rsm+0xd7/0x2c4 [ipsec]
[<ffffffffa03dbe91>] klips26_rcv_encap+0xd4/0xf3 [ipsec]
[<ffffffffa03dc1b9>] klips26_udp_encap_rcv+0x284/0x2a3 [ipsec]
[<ffffffff8040e714>] udp_queue_rcv_skb+0xec/0x25b
[<ffffffff8040ed3f>] __udp4_lib_rcv+0x4bc/0x78d
[<ffffffff803e951f>] ? nf_iterate+0x43/0x80
[<ffffffff803ef91e>] ? ip_local_deliver_finish+0x0/0x1fc
[<ffffffff803e95bf>] ? nf_hook_slow+0x63/0xc3
[<ffffffff8040f025>] udp_rcv+0x15/0x17
[<ffffffff803efa42>] ip_local_deliver_finish+0x124/0x1fc
[<ffffffff803efb8c>] ip_local_deliver+0x72/0x7a
[<ffffffff803ef668>] ip_rcv_finish+0x2e8/0x302
[<ffffffff803ef8e7>] ip_rcv+0x265/0x29c
[<ffffffff803d05cd>] netif_receive_skb+0x3d5/0x3fa
[<ffffffff803d072a>] napi_skb_finish+0x28/0x3f
[<ffffffff803d0b01>] napi_gro_receive+0x22/0x27
[<ffffffffa00ccb49>] tg3_poll+0x6be/0x8f2 [tg3]
[<ffffffff803ceaee>] net_rx_action+0x71/0x132
[<ffffffff80238032>] __do_softirq+0x70/0x106
[<ffffffff8020ca7c>] call_softirq+0x1c/0x28
[<ffffffff8020e2bc>] do_softirq+0x34/0x72
[<ffffffff80237bc6>] irq_exit+0x3f/0x41
[<ffffffff8020dba1>] do_IRQ+0xac/0xc3
[<ffffffff8020c353>] ret_from_intr+0x0/0xa
<EOI> <0> [<ffffffff80290200>] get_empty_filp+0x65/0x15a
[<ffffffff80212384>] ? default_idle+0x2b/0x40
[<ffffffff80212672>] c1e_idle+0xe1/0xe8
[<ffffffff8024909d>] ? atomic_notifier_call_chain+0x13/0x15
[<ffffffff8020ad9f>] cpu_idle+0x48/0x84
[<ffffffff804443df>] start_secondary+0x195/0x19a
Code: 99 62 ff ff 48 8b 43 18 48 c7 83 d0 00 00 00 00 00 00 00 4c 89
63 18 48 89 43 20 80 bb 30 01 00 00 00 74 7a 41 80 7e 09 04 74 73 <49>
8b 85 70 02 00 00 48 85 c0 74 67 8b 40 04 85 c0 74 60 41 89
RIP [<ffffffffa03da3c5>] ipsec_rcv_cleanup+0x116/0x671 [ipsec]
RSP <ffff88002806da50>
CR2: 0000000000000270
---[ end trace 312c552888da114b ]---
Kernel panic - not syncing: Fatal exception in interrupt
Pid: 0, comm: swapper Tainted: G D 2.6.30-svenux-12 #2
Call Trace:
<IRQ> [<ffffffff80446b33>] panic+0xa0/0x14b
[<ffffffff8020c493>] ? apic_timer_interrupt+0x13/0x20
[<ffffffff8020f4b6>] ? oops_end+0x6b/0xba
[<ffffffff8020f4f5>] oops_end+0xaa/0xba
[<ffffffff8022262b>] no_context+0x1ed/0x1fc
[<ffffffff802227cc>] __bad_area_nosemaphore+0x192/0x1b8
[<ffffffff8027312e>] ? zone_statistics+0x60/0x65
[<ffffffff80222800>] bad_area_nosemaphore+0xe/0x10
[<ffffffff80222a73>] do_page_fault+0xf0/0x1d5
[<ffffffff8044948f>] page_fault+0x1f/0x30
[<ffffffffa03da3c5>] ? ipsec_rcv_cleanup+0x116/0x671 [ipsec]
[<ffffffffa03f0f07>] ? _aes_cbc_encrypt+0xf/0x11 [ipsec]
[<ffffffffa03e9411>] ? ipsec_rcv_esp_post_decrypt+0x315/0x349 [ipsec]
[<ffffffffa03dacce>] ? ipsec_rcv_decap_cont+0x46/0x51a [ipsec]
[<ffffffffa03dbbd0>] ipsec_rsm+0xd7/0x2c4 [ipsec]
[<ffffffffa03dbe91>] klips26_rcv_encap+0xd4/0xf3 [ipsec]
[<ffffffffa03dc1b9>] klips26_udp_encap_rcv+0x284/0x2a3 [ipsec]
[<ffffffff8040e714>] udp_queue_rcv_skb+0xec/0x25b
[<ffffffff8040ed3f>] __udp4_lib_rcv+0x4bc/0x78d
[<ffffffff803e951f>] ? nf_iterate+0x43/0x80
[<ffffffff803ef91e>] ? ip_local_deliver_finish+0x0/0x1fc
[<ffffffff803e95bf>] ? nf_hook_slow+0x63/0xc3
[<ffffffff8040f025>] udp_rcv+0x15/0x17
[<ffffffff803efa42>] ip_local_deliver_finish+0x124/0x1fc
[<ffffffff803efb8c>] ip_local_deliver+0x72/0x7a
[<ffffffff803ef668>] ip_rcv_finish+0x2e8/0x302
[<ffffffff803ef8e7>] ip_rcv+0x265/0x29c
[<ffffffff803d05cd>] netif_receive_skb+0x3d5/0x3fa
[<ffffffff803d072a>] napi_skb_finish+0x28/0x3f
[<ffffffff803d0b01>] napi_gro_receive+0x22/0x27
[<ffffffffa00ccb49>] tg3_poll+0x6be/0x8f2 [tg3]
[<ffffffff803ceaee>] net_rx_action+0x71/0x132
[<ffffffff80238032>] __do_softirq+0x70/0x106
[<ffffffff8020ca7c>] call_softirq+0x1c/0x28
[<ffffffff8020e2bc>] do_softirq+0x34/0x72
[<ffffffff80237bc6>] irq_exit+0x3f/0x41
[<ffffffff8020dba1>] do_IRQ+0xac/0xc3
[<ffffffff8020c353>] ret_from_intr+0x0/0xa
<EOI> [<ffffffff80290200>] get_empty_filp+0x65/0x15a
[<ffffffff80212384>] ? default_idle+0x2b/0x40
[<ffffffff80212672>] c1e_idle+0xe1/0xe8
[<ffffffff8024909d>] ? atomic_notifier_call_chain+0x13/0x15
[<ffffffff8020ad9f>] cpu_idle+0x48/0x84
[<ffffffff804443df>] start_secondary+0x195/0x19a
---->8----
More information about the Users
mailing list