[Openswan Users] nss DH woes

Avesh Agarwal avagarwa at redhat.com
Tue Jul 26 07:23:51 EDT 2011


On 07/26/2011 06:48 AM, Kevin Keane wrote:
> Hello Avesh,
>
> Thank you so much! The log I sent was everything that I found in /var/log/secure with plutodebug=all; the only thing I did was scramble machine names and IP addresses since that could be sensitive.
>
> I added a report to bugzilla as #725699, but did not yet add the barf. There seems to be quite a bit of sensitive information in the barf, such as my iptables firewall configuration, my Sonicwall S/N, etc., things that I'd prefer not to have on bugzilla. Would you mind if I sent it to you by private email?
>
> Also, when the problem actually happens, my system becomes inaccessible. I have to then turn off ipsec on the other end. So the barf does not represent the exact moment the problem occurs; I took the barf a few minutes later (with the certs causing the problem still in the database).
>
> As for the steps I did to configure Openswan: it is the standard CentOS 5.6 Openswan RPM, openswan-2.6.21-5.el5_6.4. So other than fiddling with the configuration, I have not done anything unusual.
>
> Come to think about it - is it possible that this is a kernel problem? This VM runs on a Rackspace VM, with a Rackspace kernel instead of a stock CentOS kernel.
>
It does not seem to be a kernel issue at first, as the IKE exchange takes
place in user space and the NSS library is also user space. However, it is
surprising that it is happening.
>> Hello Paul, Kevin,
>> I can have a look at it. Kevin, can you please put the complete output of ipsec barf, instead of truncated ones, somewhere, maybe on bugzilla.redhat.com? Also, if you can provide the exact steps you followed to configure openswan, that would also help.
>> -- 
>> Thanks and Regards
>> Avesh


-- 
Thanks and Regards
Avesh
