[Openswan Users] nss DH woes

Richard Pickett richard.pickett at csrtechnologies.com
Tue Jul 26 19:45:05 EDT 2011


My rsa keys were 8k, I thought maybe nss was having a memory problem (like a
static-size limit), so I created a whole ca/certs suite w/ 2k keys, same
problem.

Avesh, any ideas on how much longer you'll be looking at this?

Thanks for your help!


On Tue, Jul 26, 2011 at 6:23 AM, Avesh Agarwal <avagarwa at redhat.com> wrote:

> On 07/26/2011 06:48 AM, Kevin Keane wrote:
> > Hello Avesh,
> >
> > Thank you so much! The log I sent was everything that I found in
> > /var/log/secure with plutodebug=all; the only thing I did was scramble
> > machine names and IP addresses since that could be sensitive.
> >
> > I added a report to bugzilla as #725699, but did not yet add the barf.
> > There seems to be quite a bit of sensitive information in the barf, such as
> > my iptables firewall configuration, my Sonicwall S/N, etc., things that I'd
> > prefer not to have on bugzilla. Would you mind if I sent it to you by
> > private email?
> >
> > Also, when the problem actually happens, my system becomes inaccessible.
> > I have to then turn off ipsec on the other end. So the barf does not
> > represent the exact moment the problem occurs; I took the barf a few minutes
> > later (with the certs causing the problem still in the database).
> >
> > As for the steps I did to configure Openswan: it is the standard CentOS
> > 5.6 Openswan RPM. openswan-2.6.21-5.el5_6.4 . So other than fiddling with
> > the configuration, I have not done anything unusual.
> >
> > Come to think about it - is it possible that this is a kernel problem?
> > This VM runs on a Rackspace VM, with a Rackspace kernel instead of a stock
> > CentOS kernel.
> >
> It does not seem to be a kernel issue at first, as the IKE exchange takes
> place in user space and the NSS library is also user space. However, it is
> surprising why it is happening.
> >> Hello Paul, Kevin,
> >> I can have a look at it. Kevin, can you please put a complete output of
> >> ipsec barf instead of truncated ones somewhere, maybe on
> >> bugzilla.redhat.com? Also, if you can provide the exact steps you followed
> >> to configure openswan that would also help.
> >> --
> >> Thanks and Regards
> >> Avesh
> > _______________________________________________
> > Users at openswan.org
> > http://lists.openswan.org/mailman/listinfo/users
> > Micropayments: https://flattr.com/thing/38387/IPsec-for-Linux-made-easy
> > Building and Integrating Virtual Private Networks with Openswan:
> > http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
>
>
> --
> Thanks and Regards
> Avesh