[Openswan Users] OpenSWAN 2.6.35 - pluto segfaults

Daniel Bramkamp bramkamp at team-datentechnik.de
Thu Sep 8 10:32:36 EDT 2011 

Hi,

I am getting a lot of messages like this on a system running OpenSWAN 2.6.35:

Sep  1 12:16:21 fw-failover-1 kernel: pluto[7633]: segfault at 298 ip 129a5166 sp b23036c0 error 4 in pluto[1297e000+ec000]
Sep  1 19:10:43 fw-failover-1 kernel: pluto[18473]: segfault at 298 ip 1e958166 sp b9cc0be0 error 4 in pluto[1e931000+ec000]
Sep  3 12:22:13 fw-failover-1 kernel: pluto[30608]: segfault at 298 ip 14768166 sp bd1de190 error 4 in pluto[14741000+ec000]
Sep  3 18:55:53 fw-failover-1 kernel: pluto[7158]: segfault at 298 ip 1eb69166 sp be09c1b0 error 4 in pluto[1eb42000+ec000]
Sep  5 19:01:19 fw-failover-1 kernel: pluto[939]: segfault at 298 ip 1286d166 sp be30d700 error 4 in pluto[12846000+ec000]
Sep  6 10:47:05 fw-failover-1 kernel: pluto[22985]: segfault at 298 ip 1d107166 sp bd7eaa40 error 4 in pluto[1d0e0000+ec000]
Sep  6 17:50:22 fw-failover-1 kernel: pluto[16659]: segfault at 298 ip 1b65d166 sp be933b70 error 4 in pluto[1b636000+ec000]
Sep  6 17:59:02 fw-failover-1 kernel: pluto[5112]: segfault at 298 ip 1c72b166 sp bfef21b0 error 4 in pluto[1c704000+ec000]
Sep  7 15:05:38 fw-failover-1 kernel: pluto[12931]: segfault at 298 ip 165bc166 sp b1e27420 error 4 in pluto[16595000+ec000]
Sep  8 12:28:39 fw-failover-1 kernel: pluto[3059]: segfault at 298 ip 12980166 sp b6399ea0 error 4 in pluto[12959000+ec000]
Sep  8 14:37:27 fw-failover-1 kernel: pluto[25686]: segfault at 298 ip 1bc69166 sp b4438f10 error 4 in pluto[1bc42000+ec000]

I am using KLIPS on a Grsecurity/PAX hardened kernel 2.6.36. When this happens, the vpn connection is dead for a moment and reestablished, which leads to a lot of Citrix sessions being disconnected. :(

Unfortunately, I did not have dumpdir set, so I do not have any core dump to provide yet. I don't think it's a hardware issue because this is a redundant configuration and the second system produces the same messages when active.

Are there any known issues regarding Pluto segfaults ? Anything I can try to fix this ?

My configuration looks like this:

# basic configuration
config setup
        #nat_traversal=no
        virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:!192.168.1.0/24
        #
        # enable this if you see "failed to find any available worker"
        nhelpers=0
        #plutodebug=none
        #klipsdebug=none
        overridemtu=1400
        #fragicmp=no
        protostack=klips
        oe=off
        interfaces="ipsec0=eth1"

conn rz-XXX
        auto=add
        authby=rsasig
        left=XXX
        leftnexthop=XXX
        leftsubnet=192.168.1.0/255.255.255.0
        leftsourceip=192.168.1.9
        leftrsasigkey=%cert
        leftcert=gw_cert.pem
        leftid="XXX"
        right=%any
        rightrsasigkey=%cert
        rightsubnet=192.168.2.0/24
        rightid="XXX"
        pfs=yes
       ike=aes128-md5-modp1536
        phase2alg=aes128-md5
        ikelifetime=480m
        salifetime=480m
        dpddelay=60
        dpdtimeout=120
        dpdaction=restart

Thanks in advance
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20110908/d6ba7ac0/attachment.html

More information about the Users mailing list