[Openswan Users] Openswan doesn't starts because pluto is down
Jorge Jimenez
jorge.jimenez at pross.com
Mon Jan 11 14:03:11 EST 2010
Hi all,
Finally I uninstalled Openswan and installed it again. Now it starts, but pluto is logging a segmentation fault.
This is my messages log output:
Jan 11 22:01:29 pross-mon01 ipsec_setup: Stopping Openswan IPsec...
Jan 11 22:01:29 pross-mon01 ipsec_setup: Removing orphaned /var/run/pluto/pluto.pid:
Jan 11 22:01:30 pross-mon01 kernel: NET: Unregistered protocol family 15
Jan 11 22:01:30 pross-mon01 ipsec_setup: ...Openswan IPsec stopped
Jan 11 22:01:30 pross-mon01 kernel: NET: Registered protocol family 15
Jan 11 22:01:30 pross-mon01 ipsec_setup: Restarting Openswan IPsec U2.6.21/K2.6.18-164.el5...
Jan 11 22:01:30 pross-mon01 ipsec_setup: Using NETKEY(XFRM) stack
Jan 11 22:01:30 pross-mon01 kernel: padlock: VIA PadLock not detected.
Jan 11 22:01:30 pross-mon01 kernel: padlock: VIA PadLock not detected.
Jan 11 22:01:30 pross-mon01 ipsec_setup: /usr/libexec/ipsec/addconn Non-fips mode set in /proc/sys/crypto/fips_enabled
Jan 11 22:01:30 pross-mon01 ipsec_setup: ...Openswan IPsec started
Jan 11 22:01:30 pross-mon01 pluto: adjusting ipsec.d to /etc/ipsec.d
Jan 11 22:01:30 pross-mon01 ipsec__plutorun: adjusting ipsec.d to /etc/ipsec.d
Jan 11 22:01:30 pross-mon01 ipsec__plutorun: /usr/libexec/ipsec/addconn Non-fips mode set in /proc/sys/crypto/fips_enabled
Jan 11 22:01:30 pross-mon01 last message repeated 2 times
Jan 11 22:01:31 pross-mon01 ipsec__plutorun: 002 Non-fips mode set in /proc/sys/crypto/fips_enabled
Jan 11 22:01:31 pross-mon01 ipsec__plutorun: 002 Non-fips mode set in /proc/sys/crypto/fips_enabled
Jan 11 22:01:31 pross-mon01 ipsec__plutorun: 002 added connection description "iberobrico"
Jan 11 22:01:31 pross-mon01 ipsec__plutorun: /usr/libexec/ipsec/_plutorun: line 232: 6116 Segmentation fault /usr/libexec/ipsec/pluto --nofork --secretsfile /etc/ipsec.secrets --ipsecdir /etc/ipsec.d --use-netkey --uniqueids --nat_traversal
Jan 11 22:01:31 pross-mon01 ipsec__plutorun: !pluto failure!: exited with error status 139 (signal 11)
Jan 11 22:01:31 pross-mon01 ipsec__plutorun: restarting IPsec after pause...
This is my secure log output:
Jan 11 22:01:19 pross-mon01 pluto[5764]: | oakley_alg_makedb() ike enc ealg=1 not present
Jan 11 22:01:30 pross-mon01 ipsec__plutorun: Restarting Pluto subsystem...
Jan 11 22:01:30 pross-mon01 pluto[6116]: nss directory plutomain: /etc/ipsec.d
Jan 11 22:01:30 pross-mon01 pluto[6116]: NSS Initialized
Jan 11 22:01:30 pross-mon01 pluto[6116]: Non-fips mode set in /proc/sys/crypto/fips_enabled
Jan 11 22:01:30 pross-mon01 pluto[6116]: Non-fips mode set in /proc/sys/crypto/fips_enabled
Jan 11 22:01:30 pross-mon01 pluto[6116]: Starting Pluto (Openswan Version 2.6.21; Vendor ID OE~q\177kZNr}Wk) pid:6116
Jan 11 22:01:30 pross-mon01 pluto[6116]: Setting NAT-Traversal port-4500 floating to on
Jan 11 22:01:30 pross-mon01 pluto[6116]: port floating activation criteria nat_t=1/port_float=1
Jan 11 22:01:30 pross-mon01 pluto[6116]: including NAT-Traversal patch (Version 0.6c)
Jan 11 22:01:30 pross-mon01 pluto[6116]: ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC_SSH: Ok (ret=0)
Jan 11 22:01:30 pross-mon01 pluto[6116]: ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC: Ok (ret=0)
Jan 11 22:01:30 pross-mon01 pluto[6116]: ike_alg_register_enc(): Activating OAKLEY_SERPENT_CBC: Ok (ret=0)
Jan 11 22:01:30 pross-mon01 pluto[6116]: ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0)
Jan 11 22:01:30 pross-mon01 pluto[6116]: ike_alg_register_enc(): Activating OAKLEY_BLOWFISH_CBC: Ok (ret=0)
Jan 11 22:01:30 pross-mon01 pluto[6116]: ike_alg_register_hash(): Activating OAKLEY_SHA2_512: Ok (ret=0)
Jan 11 22:01:30 pross-mon01 pluto[6116]: ike_alg_register_hash(): Activating OAKLEY_SHA2_256: Ok (ret=0)
Jan 11 22:01:30 pross-mon01 pluto[6116]: starting up 1 cryptographic helpers
Jan 11 22:01:30 pross-mon01 pluto[6116]: main fd(10) helper fd(11)
Jan 11 22:01:30 pross-mon01 pluto[6116]: started helper (thread) pid=-1208312944 (fd:10)
Jan 11 22:01:30 pross-mon01 pluto[6116]: Using Linux 2.6 IPsec interface code on 2.6.18-164.el5 (experimental code)
Jan 11 22:01:30 pross-mon01 pluto[6116]: ike_alg_register_enc(): WARNING: enc alg=0 not found in constants.c:oakley_enc_names
Jan 11 22:01:30 pross-mon01 pluto[6116]: ike_alg_register_enc(): Activating <NULL>: Ok (ret=0)
Jan 11 22:01:30 pross-mon01 pluto[6116]: ike_alg_register_enc(): WARNING: enc alg=0 not found in constants.c:oakley_enc_names
Jan 11 22:01:30 pross-mon01 pluto[6116]: ike_alg_add(): ERROR: Algorithm already exists
Jan 11 22:01:30 pross-mon01 pluto[6116]: ike_alg_register_enc(): Activating <NULL>: FAILED (ret=-17)
Jan 11 22:01:30 pross-mon01 pluto[6116]: ike_alg_register_enc(): WARNING: enc alg=0 not found in constants.c:oakley_enc_names
Jan 11 22:01:30 pross-mon01 pluto[6116]: ike_alg_add(): ERROR: Algorithm already exists
Jan 11 22:01:30 pross-mon01 pluto[6116]: ike_alg_register_enc(): Activating <NULL>: FAILED (ret=-17)
Jan 11 22:01:30 pross-mon01 pluto[6116]: ike_alg_register_enc(): WARNING: enc alg=0 not found in constants.c:oakley_enc_names
Jan 11 22:01:30 pross-mon01 pluto[6116]: ike_alg_add(): ERROR: Algorithm already exists
Jan 11 22:01:30 pross-mon01 pluto[6116]: ike_alg_register_enc(): Activating <NULL>: FAILED (ret=-17)
Jan 11 22:01:30 pross-mon01 pluto[6116]: ike_alg_register_enc(): WARNING: enc alg=0 not found in constants.c:oakley_enc_names
Jan 11 22:01:30 pross-mon01 pluto[6116]: ike_alg_add(): ERROR: Algorithm already exists
Jan 11 22:01:30 pross-mon01 pluto[6116]: ike_alg_register_enc(): Activating <NULL>: FAILED (ret=-17)
Jan 11 22:01:30 pross-mon01 pluto[6116]: ike_alg_register_enc(): WARNING: enc alg=0 not found in constants.c:oakley_enc_names
Jan 11 22:01:30 pross-mon01 pluto[6116]: ike_alg_add(): ERROR: Algorithm already exists
Jan 11 22:01:30 pross-mon01 pluto[6116]: ike_alg_register_enc(): Activating <NULL>: FAILED (ret=-17)
Jan 11 22:01:31 pross-mon01 pluto[6116]: Could not change to directory '/etc/ipsec.d/cacerts': /etc
Jan 11 22:01:31 pross-mon01 pluto[6116]: Could not change to directory '/etc/ipsec.d/aacerts': /etc
Jan 11 22:01:31 pross-mon01 pluto[6116]: Could not change to directory '/etc/ipsec.d/ocspcerts': /etc
Jan 11 22:01:31 pross-mon01 pluto[6116]: Could not change to directory '/etc/ipsec.d/crls'
Jan 11 22:01:31 pross-mon01 pluto[6116]: Non-fips mode set in /proc/sys/crypto/fips_enabled
Jan 11 22:01:31 pross-mon01 pluto[6116]: Non-fips mode set in /proc/sys/crypto/fips_enabled
Jan 11 22:01:31 pross-mon01 pluto[6116]: added connection description "iberobrico"
Jan 11 22:01:31 pross-mon01 pluto[6116]: listening for IKE messages
Jan 11 22:01:31 pross-mon01 pluto[6116]: adding interface eth0/eth0 10.10.100.18:500
Jan 11 22:01:31 pross-mon01 pluto[6116]: adding interface eth0/eth0 10.10.100.18:4500
Jan 11 22:01:31 pross-mon01 pluto[6116]: adding interface lo/lo 127.0.0.1:500
Jan 11 22:01:31 pross-mon01 pluto[6116]: adding interface lo/lo 127.0.0.1:4500
Jan 11 22:01:31 pross-mon01 pluto[6116]: adding interface lo/lo ::1:500
Jan 11 22:01:31 pross-mon01 pluto[6116]: loading secrets from "/etc/ipsec.secrets"
Jan 11 22:01:31 pross-mon01 pluto[6116]: loading secrets from "/etc/ipsec.d/ipsec.secrets"
Jan 11 22:01:31 pross-mon01 pluto[6116]: "iberobrico" #1: initiating Main Mode
Jan 11 22:01:31 pross-mon01 pluto[6116]: | oakley_alg_makedb() ike enc ealg=1 not present
And this is my ipsec.conf file:
version 2.0
config setup
    protostack=netkey
    nat_traversal=yes
    interfaces=%defaultroute
conn iberobrico
    type=transport
    left=10.10.100.18 (my eth0 linux ip)
    leftsubnet=10.10.100.0/24
    leftnexthop=10.10.100.1
    right=xxx.xxx.xxx.xxx (public ip of my clients vpn terminal)
    rightsubnet=10.50.220.0/24 (inside network when I want to connect from my linux machine)
    rightnexthop=%defaultroute
    authby=secret
    ike=des-md5
    phase2alg=3des-sha1
    auto=start
Please, could someone help me?
Thanks and kind regards
Jorge Jiménez Miguélez
Avinguda Diagonal, 605 - 4ª Planta
08028 - Barcelona
Tel.: 902 01 35 34 - Mobile: 669 83 08 76
http://www.pross.com
-----Original message-----
From: Jorge Jimenez
Sent: Tuesday, 05 January 2010 16:44
To: Paul Wouters
CC: Tuomo Soini; users at openswan.org; Ondrej Valousek; Jorge Jimenez
Subject: RE: [Openswan Users] Openswan doesn't starts because pluto is down
Hi,
Finally, I did: patch -p1 -s < "patch-file" in the /usr/libexec/ipsec directory, and it asked me again for a file; then I did it in the /usr/sbin directory and it asked again...
Then I tried: patch < "patch-file" and when it asked me for a file, I answered /usr/sbin/ipsec.
Now, I have the same 3 lines in secure log, but in messages log I have:
Jan 5 09:54:02 pross-mon01 ipsec_setup: Stopping Openswan IPsec...
Jan 5 09:54:02 pross-mon01 kernel: NET: Unregistered protocol family 15
Jan 5 09:54:02 pross-mon01 ipsec_setup: ...Openswan IPsec stopped
Jan 5 09:54:02 pross-mon01 kernel: NET: Registered protocol family 15
Jan 5 09:54:02 pross-mon01 ipsec_setup: Using NETKEY(XFRM) stack
Jan 5 09:54:02 pross-mon01 ipsec_setup: Starting Openswan IPsec U2.6.24rc3/K2.6.18-164.el5...
Jan 5 09:54:02 pross-mon01 kernel: padlock: VIA PadLock not detected.
Jan 5 09:54:02 pross-mon01 kernel: padlock: VIA PadLock not detected.
Jan 5 09:54:02 pross-mon01 ipsec_setup: ...Openswan IPsec started
Jan 5 09:54:03 pross-mon01 pluto: adjusting ipsec.d to /etc/ipsec.d
Jan 5 09:54:03 pross-mon01 ipsec__plutorun: adjusting ipsec.d to /etc/ipsec.d
Jan 5 09:54:03 pross-mon01 ipsec__plutorun: whack: read() failed (104 Connection reset by peer)
Jan 5 09:54:03 pross-mon01 ipsec__plutorun: whack: Pluto is not running (no "/var/run/pluto/pluto.ctl")
Jan 5 09:54:03 pross-mon01 last message repeated 2 times
Jan 5 09:54:03 pross-mon01 ipsec__plutorun: pluto apparently already running (?!?), giving up
What do you think about it?
Thanks and kind regards
Jorge Jiménez Miguélez
Avinguda Diagonal, 605 - 4ª Planta
08028 - Barcelona
Tel.: 902 01 35 34 - Mobile: 669 83 08 76
http://www.pross.com
-----Original message-----
From: Paul Wouters [mailto:paul at xelerance.com]
Sent: Monday, 04 January 2010 22:16
To: Jorge Jimenez
CC: Tuomo Soini; users at openswan.org
Subject: Re: [Openswan Users] Openswan doesn't starts because pluto is down
On Mon, 4 Jan 2010, Jorge Jimenez wrote:
> Hi Tuomo,
>
> I tried your patch but it asks me for a file; what file?
>
>
> [root at pross-mon01 tmp]# patch < openswan.git-b451d26f471a5348fa8e2d16d74dace588825ae4.patch
> (Stripping trailing CRs from patch.)
> can't find file to patch at input line 15
> Perhaps you should have used the -p or --strip option?
Go into your openswan directory, then use patch -p1 -s < openswan.git-b451d26f471a5348fa8e2d16d74dace588825ae4.patch
Paul
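
Why patch keeps asking for a file outside the source tree, shown as an added example that is not part of the original thread: the paths in the patch headers must exist under the current directory after -pN stripping, and without any -p option patch looks only for the base name. The directory and file names below are constructed, and the helper functions are hypothetical, not part of patch or Openswan.

```shell
# Added example (constructed): find the `patch -pN` level at which every file
# named in a unified diff exists under the directory patch is run from.

# Print target paths from "+++ " headers, dropping CRs and timestamps.
patch_targets() {
    awk '{ sub(/\r$/, "") }
         prev ~ /^--- / && /^\+\+\+ / {
             p = $0; sub(/^\+\+\+ /, "", p); sub(/\t.*$/, "", p)
             if (p != "/dev/null") print p
         }
         { prev = $0 }' "$1"
}

# Strip N leading path components the way -pN does; fail if too few.
strip_components() {
    p=$1; n=$2
    while [ "$n" -gt 0 ]; do
        case $p in */*) p=${p#*/} ;; *) return 1 ;; esac
        n=$((n - 1))
    done
    printf '%s\n' "$p"
}

# find_strip_level PATCHFILE DIR: print N and return 0, or return 1 if no
# level from 0 to 5 resolves every target (wrong directory for this patch).
find_strip_level() {
    targets=$(patch_targets "$1"); [ -n "$targets" ] || return 2
    level=0
    while [ "$level" -le 5 ]; do
        ok=1
        for t in $targets; do            # assumes paths without whitespace
            rel=$(strip_components "$t" "$level") && [ -f "$2/$rel" ] || { ok=0; break; }
        done
        [ "$ok" -eq 1 ] && { echo "$level"; return 0; }
        level=$((level + 1))
    done
    return 1
}

# Constructed demo: a source tree and an install directory (hypothetical names).
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
mkdir -p "$demo/src/programs/demo" "$demo/install/libexec"
echo 'old' > "$demo/src/programs/demo/tool.in"
printf '%s\r\n' '--- a/programs/demo/tool.in' '+++ b/programs/demo/tool.in' \
    '@@ -1 +1 @@' '-old' '+new' > "$demo/fix.patch"
find_strip_level "$demo/fix.patch" "$demo/src" || echo "no match in src"
find_strip_level "$demo/fix.patch" "$demo/install" || echo "no match in install dir"
```

A non-zero return for a directory means no strip level will work there, so the patch belongs to a different tree, typically the unpacked source rather than the installed files.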