[Openswan Users] ipsec__plutorun: !pluto failure!: exited with error status 134 (signal 6)
Chen, Xuli (James)
chenja at avaya.com
Mon Oct 3 13:41:21 EDT 2011
The change log says it was fixed in V2.4.0, but I'm getting it from 2.6.21.
v2.4.0 (Sep 12, 2005)
* NAT-T support for KLIPS on 2.6 (Sponsored by Astaro)
* Additional Cipher support with KLIPS on 2.6 (Sponsored by Astaro)
* Fix for NAT-T/PSK rekey (Ulrich @ Astaro)
* Delete _updown.c and _updown.posix versions as they were obsolete
* Fixes for aggressive mode and policy mode
* Various bugfixes as reported on http://bugs.openswan.org/
#201 pluto not accepting negotiations on port 500 after port floating to 4500
#249 two default routes confuses scripts
#261 2 RW's w/DPD behind a NAT kick each other off at rekey time
#267 pluto crashes on inbound X.509 roadwarrior
#269 informational crasher in demux.c
#301 kernel_netkey.c lists invalid ESP algorithm
#302 pluto assumes it has 3DES
#305 passert_fail (pred_str=0x80b88e3 "st->st_suspended_md->st == st", file_str=0x80b86a0 "state.c"
#306 st->st_suspended_md->st == st passert()
#316 Patch for ALG support from Astaro
#324 Impossible to disable AGGRESSIVE mode
#327 pluto nat-t detection on 2.6 without klips nat-t patch fails to
#328 ipsec setup fxies for awk compiled with --enable-switch
#341 Pluto crashes with: ipsec__plutorun: !pluto failure!: exited with error
status 134 (signal 6)
#342 fix for 2.6.12 undocumented API fixes for sk_zapped and sk_alloc()
(based on fix from Sergeil.
#350 fix for passert() at connections.c:1353: isanyaddr(&c->spd.that.host_addr)
#355 dpdaction restart fix from Astaro
#357 secure_xauth_username_str fix from Astaro
#360 checkv199install creates bogus "old" files
#361/#363 fix for passert() demux.c:1204: unknown address family in
#368 Fix for ipsec --setup --status output and eroute counting
#372 Netkey and device labels (eth#:#)
#373 _updown_x509 still uses obsolete 'route add' commands
#377 pluto crashes processing first connection if nhelpers=0
#380 pluto crashes when sent an IKEPING
#381 assertion failure in init_demux if AGGRESSIVE not defined
#383 MODP >= 4096 FIX
#386 undefined symbols compiling klips as module
#387 / #420 pfkey_ops undefined error on SMP kernel compiles.
possibly fixed, but may result in SMP unsafe-ness.
#342 KLIPS cannot be compiled for 2.6.12+
#415 RPM packaging errors for 2.4 based kernels
#416 Need a way to tell if NAT-T is compiled in the IPSec kernel
From: Paul Wouters [mailto:paul at xelerance.com]
Sent: Monday, October 03, 2011 1:11 PM
To: Chen, Xuli (James)
Cc: Users at openswan.org
Subject: Re: [Openswan Users] ipsec__plutorun: !pluto failure!: exited with error status 134 (signal 6)
On Mon, 3 Oct 2011, Chen, Xuli (James) wrote:
> I'm experiencing below pluto failure with openswan-2.6.21-5.el5_5.3 when I was trying to stop ipsec during traffic.
> According to searching result from Google, it looks this kind of issue happened before with older openswan release.
> But I could not understand what's the root cause and solution for that. Anyone knows the root cause and solution?
2.6.21 is very old. You should upgrade...
> /usr/libexec/ipsec/pluto --nofork --secretsfile /etc/ipsec.secrets --ipsecdir /etc/ipsec.d --use-netkey
> --crlcheckinterval 600 --nhelpers 0
> Sep 28 09:18:09 tb1ems1 ipsec__plutorun: !pluto failure!: exited with error status 134 (signal 6)
These logs are only the /var/log/messages entries. There is also a "secure" or "daemon" or "auth.log"
that captures logging from the pluto binary.
If you have an ASSERTION FAILED in your /var/log/auth.log log, then we can probably tell you
when and where it was fixed (if it is not a new issue). If it just crashes without a message,
we would need to see a gdb trace before knowing more.
but you can also go through ftp://ftp.openswan.org/openswan/CHANGES to get an idea about whether
or not we fixed it.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Users