[Openswan Users] ipsec__plutorun: !pluto failure!: exited with error status 134 (signal 6)

Chen, Xuli (James) chenja at avaya.com
Mon Oct 3 13:41:21 EDT 2011

The change log says it was fixed in V2.4.0, but I'm getting it from 2.6.21.

v2.4.0 (Sep 12, 2005)
* NAT-T support for KLIPS on 2.6 (Sponsored by Astaro)
* Additional Cipher support with KLIPS on 2.6 (Sponsored by Astaro)
* Fix for NAT-T/PSK rekey (Ulrich @ Astaro)
* Delete _updown.c and _updown.posix versions as they were obsolete
* Fixes for aggressive mode and policy mode
* Various bugfixes as reported on http://bugs.openswan.org/
  #201 pluto not accepting negotiations on port 500 after port floating to 4500
  #249 two default routes confuses scripts
  #261 2 RW's w/DPD behind a NAT kick each other off at rekey time
  #267 pluto crashes on inbound X.509 roadwarrior
  #269 informational crasher in demux.c
  #301 kernel_netkey.c lists invalid ESP algorithm
  #302 pluto assumes it has 3DES
  #305 passert_fail (pred_str=0x80b88e3 "st->st_suspended_md->st == st", file_str=0x80b86a0 "state.c"
  #306 st->st_suspended_md->st == st passert()
  #316 Patch for ALG support from Astaro
  #324 Impossible to disable AGGRESSIVE mode
  #327 pluto nat-t detection on 2.6 without klips nat-t patch fails to
       disable nat-t
  #328 ipsec setup fxies for awk compiled with --enable-switch
  #341 Pluto crashes with: ipsec__plutorun: !pluto failure!: exited with error
       status 134 (signal 6)
  #342 fix for 2.6.12 undocumented API fixes for sk_zapped and sk_alloc()
       (based on fix from Sergeil.
  #350 fix for passert() at connections.c:1353: isanyaddr(&c->spd.that.host_addr)
  #355 dpdaction restart fix from Astaro
  #357 secure_xauth_username_str fix from Astaro
  #360 checkv199install creates bogus "old" files
  #361/#363 fix for passert() demux.c:1204: unknown address family in
  #368 Fix for ipsec --setup --status output and eroute counting
  #372 Netkey and device labels (eth#:#)
  #373 _updown_x509 still uses obsolete 'route add' commands
  #377 pluto crashes processing first connection if nhelpers=0
  #380 pluto crashes when sent an IKEPING
  #381 assertion failure in init_demux if AGGRESSIVE not defined
  #383 MODP >= 4096 FIX
  #386 undefined symbols compiling klips as module
  #387 / #420 pfkey_ops undefined error on SMP kernel compiles.
              possibly fixed, but may result in SMP unsafe-ness.
  #342 KLIPS cannot be compiled for 2.6.12+
  #415 RPM packaging errors for 2.4 based kernels
  #416 Need a way to tell if NAT-T is compiled in the IPSec kernel

-----Original Message-----
From: Paul Wouters [mailto:paul at xelerance.com]
Sent: Monday, October 03, 2011 1:11 PM
To: Chen, Xuli (James)
Cc: Users at openswan.org
Subject: Re: [Openswan Users] ipsec__plutorun: !pluto failure!: exited with error status 134 (signal 6)

On Mon, 3 Oct 2011, Chen, Xuli (James) wrote:

> I'm experiencing below pluto failure with openswan-2.6.21-5.el5_5.3 when I was trying to stop ipsec during traffic.
> According to searching result from Google, it looks this kind of issue happened before with older openswan release.
> But I could not understand what's the root cause and solution for that. Anyone knows the root cause and solution?

2.6.21 is very old. You should upgrade...

> /usr/libexec/ipsec/pluto --nofork --secretsfile /etc/ipsec.secrets --ipsecdir /etc/ipsec.d --use-netkey
> --crlcheckinterval 600 --nhelpers 0
> Sep 28 09:18:09 tb1ems1 ipsec__plutorun: !pluto failure!:  exited with error status 134 (signal 6)

These logs are only the /var/log/messages entries. There is also a "secure" or "daemon" or "auth.log"
that captures logging from the pluto binary.

If you have an ASSERTION FAILED in your /var/log/auth.log log, then we can probably tell you
when and where it was fixed (if it is not a new issue). If it just crashes without a message,
we would need to see a gdb trace before knowing more.

but you can also go through ftp://ftp.openswan.org/openswan/CHANGES to get an idea about whether
or not we fixed it.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20111003/505a0b85/attachment.html 

More information about the Users mailing list