[Openswan Users] help, unsubscribe
LeRoy H Grubbs
lhgrubbs at earthlink.net
Thu Sep 22 16:47:24 EDT 2011
-----Original Message-----
>From: users-request at openswan.org
>Sent: Sep 22, 2011 3:29 PM
>To: users at openswan.org
>Subject: Users Digest, Vol 94, Issue 35
>
>Today's Topics:
>
> 1. Re: IPV6 tunnel formation (Paul Wouters)
> 2. Re: Am I actually using NAT? (Paul Wouters)
> 3. Re: Am I actually using NAT? (James Nelson)
> 4. oakley_alg_makedb() failure explained (Paul Wouters)
>
>
>----------------------------------------------------------------------
>
>Message: 1
>Date: Thu, 22 Sep 2011 15:26:50 -0400 (EDT)
>From: Paul Wouters <paul at xelerance.com>
>Subject: Re: [Openswan Users] IPV6 tunnel formation
>To: SaRaVanAn <saravanan.nagarajan87 at gmail.com>
>Cc: users at openswan.org
>Message-ID: <alpine.LFD.1.10.1109221525480.7565 at newtla.xelerance.com>
>Content-Type: TEXT/PLAIN; charset=ISO-8859-1; format=flowed
>
>On Thu, 22 Sep 2011, SaRaVanAn wrote:
>
>> I just tried forming an IPv6 tunnel using openSwan.
>> After I execute the command "service ipsec start", ping is not working. I just debugged using wireshark.
>> The ping packets are not going out of an interface. If I execute the command "ipsec auto --up west-east", the terminal is not responding.
>> Can you guys please help me to solve this problem?
>
>You'll need to show us something to work with. What's pluto logging?
>
>> conn west-east
>>         connaddrfamily=ipv6
>>         type=tunnel
>>         left=2001:db8:0:f101::2
>>         right=2001:db8:0:f101::1
>>         keyexchange=ike
>>         esp=aes128-sha1
>>         ike=aes128-sha1-modp1024
>>         auto=route
>
>You mean auto=start ?
>
>Paul
>
>
>------------------------------
>
>Message: 2
>Date: Thu, 22 Sep 2011 15:31:45 -0400 (EDT)
>From: Paul Wouters <paul at xelerance.com>
>Subject: Re: [Openswan Users] Am I actually using NAT?
>To: James Nelson <james.nelson.ii at gmail.com>
>Cc: Users at openswan.org
>Message-ID: <alpine.LFD.1.10.1109221528090.7565 at newtla.xelerance.com>
>Content-Type: TEXT/PLAIN; charset=ISO-8859-1; format=flowed
>
>On Thu, 22 Sep 2011, James Nelson wrote:
>
>> Me again. Paul, I appreciate your assistance greatly up to this point. I've simplified my original configuration, but still can't see any
>> traffic after the Ipsec SA established tunnel mode is enabled. I try pinging or hitting servers on the client side from my Amazon EC2 server and
>> get silence. The client side says they can't even see any traffic hitting their firewall, much less passing through it.
>> 1) Assume we have a fresh installation. From the Amazon end, upon the creation of the server, besides disabling ICMP send and accept redirects
>> and enabling ip forwarding, is there anything else that has to be done on the instance? (ifconfig, port opening, iptables, etc...) This is
>> where my knowledge is weakest, and therefore where I'm most concerned I'm missing something obvious or stupid that any network engineer would
>> know.
>>
>> 2) After establishing the SA tunnel, what is the best way to test whether or not I can send traffic to the client, and how can I tell if it's
>> being NAT'ed/going through the correct ports (UDP 500/4500)? Right now, I've been just trying to ping the client gateway or using elinks to see
>> if I can reach the client WSDL addresses for download.
>
>To ensure you're not NATing your traffic, you can add a rule to a known destination IP you use for testing,
>eg iptables -I POSTROUTING -d 1.2.3.4/32 -j RETURN
>
>> conn ec2check
>>         connaddrfamily=ipv4
>>         type=tunnel
>>         authby=secret
>>         ike=3des-md5
>>         ikelifetime=86400s
>>         phase2=esp
>>         phase2alg=3des-md5
>>         lifetime=28800s
>>         forceencaps=yes
>>         pfs=no
>>         left=<AMAZON LOCAL IP>
>>         leftid=<AMAZON ELASTIC IP>
>>         leftnexthop=%defaultroute
>>         leftsubnet=0.0.0.0/0
>
>If this connection is happening, the other end will send you ALL their traffic.
>Is that really what you want?
>
>> The route I'm trying for is
>> Amazon Local---------------Amazon Elastic===Internet===Client Checkpoint----------Client Internal
>> 10.XX.XX.XX                184.XX.XX.XX                198.XX.XX.XX               168.XX.XX.XX/XX
>
>I think you really want to say leftsubnet=<AMAZON ELASTIC IP>
>Then you probably need to configure that IP locally, and add a route like
> ip route add 168.XX.XX.XX/XX via yourgw src <AMAZON ELASTIC IP>
>
>Paul
>
>
>------------------------------
>
>Message: 3
>Date: Thu, 22 Sep 2011 15:19:03 -0500
>From: James Nelson <james.nelson.ii at gmail.com>
>Subject: Re: [Openswan Users] Am I actually using NAT?
>To: Paul Wouters <paul at xelerance.com>
>Cc: Users at openswan.org
>Message-ID:
> <CAD4DVG=8e+b8ktDRx=G5xvdXdkF5E0+=8v+zqWmCVdgzP6=H6g at mail.gmail.com>
>Content-Type: text/plain; charset="iso-8859-1"
>
>>
>> Amazon Local---------------Amazon Elastic===Internet===Client
>>> Checkpoint----------Client Internal
>>> 10.XX.XX.XX 184.XX.XX.XX
>>> 198.XX.XX.XX 168.XX.XX.XX/XX
>>>
>>
>> I think you really want to say leftsubnet=<AMAZON ELASTIC IP>
>> Then you probably need to configure that IP locally, and add a route like
>> ip route add 168.XX.XX.XX/XX via yourgw src <AMAZON ELASTIC IP>
>
>
>When I try to run the ip route command, I get the generic RTNETLINK no such
>process error. I'm assuming by yourgw you mean the 198 address?
>
>ip route add <CLIENT INTERNAL SUBNET> via <CLIENT CHECKPOINT> src <ELASTIC
>IP>
>
>-- James
>
>------------------------------
>
>Message: 4
>Date: Thu, 22 Sep 2011 16:27:38 -0400 (EDT)
>From: Paul Wouters <paul at xelerance.com>
>Subject: [Openswan Users] oakley_alg_makedb() failure explained
>To: dev at openswan.org, users at openswan.org
>Cc: Bastian Lemke <bastian.lemke at gmail.com>
>Message-ID: <alpine.LFD.1.10.1109221610220.7565 at newtla.xelerance.com>
>Content-Type: TEXT/PLAIN; format=flowed; charset=US-ASCII
>
>
>I still need to dive in deeper, but figured I'd bump this to dev@
>
>It looks like oakley_alg_makedb() is trying to make the gsp, but it
>remains NULL, and just before the end of the function we try to
>call gsp->parentSA = TRUE; and segfault.
>
>This function is not designed to fail with an error condition, and
>it seems odd that I cannot make a single proposal. Looking at the
>corresponding ike/esp values for that conn I see:
>
> aggrmode=yes
> auto=add
> auth=esp
> esp=aes128-sha1-2
> ike=des-md5-2
>
>I guess the parser should have failed on this?
>
>Bastian: I assume you meant "2" as in DiffieHellman group 2? That would be:
>
> esp=aes128-sha1;modp1024
> ike=des-md5;modp1024
>
>Then I also noticed you wrote "des" and not "3des", which I think is the real
>reason for the crasher, as we no longer support single des, and that entry
>should not make it into the loaded proposal. You mean:
>
> esp=aes128-sha1;modp1024
> ike=3des-md5;modp1024
>
>I confirmed using the modp syntax with single des causes the crash.
>
>I'll try and fix it before we release 2.6.36
>
>Paul
>
>---------- Forwarded message ----------
>Date: Thu, 22 Sep 2011 20:38:51 +0200
>From: Bastian Lemke <bastian.lemke at gmail.com>
>Cc: users at openswan.org
>To: Paul Wouters <paul at xelerance.com>
>Subject: Re: [Openswan Users] ipsec__plutorun: Segmentation fault
>
>Dear Paul,
>
>I downloaded the openswan sources from openswan.org and modified Makefile.inc:
>USE_LEAK_DETECTIVE=true
>USERCOMPILE=-g -O0 -m64 ${WERROR} $(GCC_LINT)
>
>That's the new backtrace:
>
>#0 0x000000000046055c in oakley_alg_makedb (ai=0x1cbd848, base=0x6f9508,
>maxtrans=2) at
>/home/lemke/Downloads/openswan/openswan-2.6.35/programs/pluto/spdb_struct.c:316
> gsp = 0x0
> emp_sp = 0x0
> ike_info = 0x1cbd898
> ealg = 1
> halg = 1
> modp = 2
> eklen = 0
> last_modp = 0
> wrong_modp = 0
> enc_desc = 0x1cc1550
> transcnt = 0
> i = -1
>#1 0x000000000046291b in init_am_st_oakley (st=0x1cc0de8, policy=2181628005)
>at
>/home/lemke/Downloads/openswan/openswan-2.6.35/programs/pluto/spdb_v1_struct.c:1315
> ta = {encrypt = 0, enckeylen = 0, prf_hash = 0, integ_hash = 0, auth =
>0, xauth = 0, groupnum = 0, life_seconds = 3600, life_kilobytes = 1000000,
>encrypter = 0x0, prf_hasher = 0x0, integ_hasher = 0x0, group = 0x0, ei = 0x0}
> enc = 0x0
> hash = 0x1cc10f8
> auth = 0x1cc03e8
> grp = 0x3ce92e19c
> trans = 0x4037c0
> prop = 0x7fffce92e1a0
> cprop = 0x41501a
> sa = 0x6f9508
> revised_sadb = 0x7fffce92e1a0
> c = 0x1cbe088
> policy_index = 9
>#2 0x00000000004740dc in aggr_outI1 (whack_sock=19, c=0x1cbe088,
>predecessor=0x0, policy=2181628005, try=1, importance=pcim_demand_crypto) at
>/home/lemke/Downloads/openswan/openswan-2.6.35/programs/pluto/ikev1_aggr.c:1025
> st = 0x1cc0de8
> sr = 0x0
> __FUNCTION__ = <error reading variable __FUNCTION__ (Cannot access
>memory at address 0x4cae60)>
>#3 0x00000000004211da in ipsecdoi_initiate (whack_sock=19, c=0x1cbe088,
>policy=2181628005, try=1, replacing=0, importance=pcim_demand_crypto) at
>/home/lemke/Downloads/openswan/openswan-2.6.35/programs/pluto/ipsec_doi.c:356
> initiator = 0x473f83 <aggr_outI1>
> st = 0x0
>#4 0x000000000040c99d in initiate_a_connection (c=0x1cbe088,
>arg=0x7fffce92e2e0) at
>/home/lemke/Downloads/openswan/openswan-2.6.35/programs/pluto/initiate.c:225
> is = 0x7fffce92e2e0
> whackfd = 19
> moredebug = 0
> importance = pcim_demand_crypto
> success = 0
>#5 0x000000000040ca1c in initiate_connection (name=0x7fffce931050 "fcp",
>whackfd=18, moredebug=0, importance=pcim_demand_crypto) at
>/home/lemke/Downloads/openswan/openswan-2.6.35/programs/pluto/initiate.c:250
> is = {whackfd = 18, moredebug = 0, importance = pcim_demand_crypto}
> c = 0x1cbe088
> count = 32653
>#6 0x0000000000451f88 in whack_process (whackfd=10, msg=...) at
>/home/lemke/Downloads/openswan/openswan-2.6.35/programs/pluto/rcv_whack.c:622
> oco = 0x7014c0
>#7 0x0000000000452391 in whack_handle (whackctlfd=5) at
>/home/lemke/Downloads/openswan/openswan-2.6.35/programs/pluto/rcv_whack.c:752
> whackaddrlen = 2
> whackfd = 10
> n = 1086
>#8 0x000000000041ce90 in call_server () at
>/home/lemke/Downloads/openswan/openswan-2.6.35/programs/pluto/server.c:775
> readfds = {__osfds_bits = {32, 0 <repeats 127 times>}}
> writefds = {__osfds_bits = {0 <repeats 128 times>}}
> ndes = 1
> ifp = 0x0
>#9 0x0000000000419c92 in main (argc=28, argv=0x7fffce932bc8) at
>/home/lemke/Downloads/openswan/openswan-2.6.35/programs/pluto/plutomain.c:1055
> fork_desired = 0
> lockfd = 4
> ocspuri = 0x0
> nhelpers = -1
> coredir = 0x0
> oco = 0x7014c0
> nat_traversal = 1
> nat_t_spf = 1
> keep_alive = 0
> force_keepalive = 0
> virtual_private = 0x7fffce934ab4
>"%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12"
>
>Regards,
>Bastian
>
>
>Am 22.09.2011 08:48, schrieb Bastian Lemke:
>> Dear Paul,
>>
>> Am 20.09.2011 15:51, schrieb Paul Wouters:
>>>> #0 oakley_alg_makedb (ai=0x7faa572461c0, base=0x0, maxtrans=0)
>>>> at
>>>> /vol/openswan-debs/openswan-2.6.35dr1/programs/pluto/spdb_struct.c:316
>>>> gsp = 0x0
>>>> emp_sp = 0x0
>>>> ike_info = 0x7b6878
>>>> ealg = 1
>>>> halg = 1
>>>> modp = 0
>>>> eklen = 0
>>>> last_modp = 0
>>>> wrong_modp = 0
>>>> transcnt = 0
>>>> i = 0
>>> (gdb) bt full
>>>
>>> That's in AH mode? Are you really trying a connection with ah= parameters?
>>> If so,
>>> why? I recommend using esp=null if you really want no encryption.
>> No, I'm not setting ah= parameters. I don't even know this parameter :-) And
>> I don't want to establish an unencrypted connection.
>> I'm not a VPN specialist and have only rudimentary knowledge about the VPN
>> technology. I only tried to connect to my firewall at work (which works with
>> OS X and IPSecuritas quite easily) from ubuntu.
>>
>>>
>>> If you're not using ah, then things are really weird, and you might need to
>>> recompile without -O2 for gdb to make more sense.
>>>
>>> Paul
>>
>> I'll try to recompile openswan this evening to provide you a more useful
>> stacktrace...
>>
>> Regards,
>> Bastian
>
>
>------------------------------
>
>
>End of Users Digest, Vol 94, Issue 35
>*************************************
LeRoy Grubbs
SKYPE - 816-565-4300
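
The failure mode described in Message 4 of the quoted digest (the only `ike=` entry is dropped as unsupported, the proposal pointer stays NULL, and a later `gsp->parentSA = TRUE` dereferences it) can be shown in a small model. This is an added example, not Openswan source and not code from the thread: the struct, the function names and the accepted-algorithm lists are hypothetical, and only the `enc-hash;modpNNNN` syntax is taken from the post.

```c
/* Added illustration, not Openswan source. All names are hypothetical. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct proposal_db {
    int parent_sa;        /* stands in for the gsp->parentSA flag in the post */
    int ntrans;           /* number of usable transforms */
    char trans[4][48];    /* accepted "enc-hash;group" entries */
};

/* Assumed allow-lists for this model; single DES is deliberately absent. */
static const char *const ENC_OK[]  = { "3des", "aes128", "aes256", NULL };
static const char *const HASH_OK[] = { "md5", "sha1", NULL };
static const char *const GRP_OK[]  = { "modp1024", "modp1536", "modp2048", NULL };

static int in_list(const char *s, const char *const *list)
{
    for (; *list != NULL; list++)
        if (strcmp(s, *list) == 0)
            return 1;
    return 0;
}

/* Parse one "enc-hash;group" entry. Returns 1 only if every part is supported. */
static int entry_supported(const char *entry)
{
    char buf[48];
    char *hash, *grp;

    if (strlen(entry) >= sizeof(buf))
        return 0;
    strcpy(buf, entry);
    grp = strchr(buf, ';');
    if (grp == NULL)
        return 0;               /* e.g. "des-md5-2": no ";modp" group */
    *grp++ = '\0';
    hash = strchr(buf, '-');
    if (hash == NULL)
        return 0;
    *hash++ = '\0';
    return in_list(buf, ENC_OK) && in_list(hash, HASH_OK) && in_list(grp, GRP_OK);
}

/* Build a db from a comma-separated list; returns NULL when nothing is usable. */
struct proposal_db *make_db(const char *ike_line)
{
    char buf[256];
    char *tok;
    struct proposal_db *db = NULL;

    if (strlen(ike_line) >= sizeof(buf))
        return NULL;
    strcpy(buf, ike_line);
    for (tok = strtok(buf, ","); tok != NULL; tok = strtok(NULL, ",")) {
        if (!entry_supported(tok))
            continue;           /* entry dropped: db may still be NULL here */
        if (db == NULL) {
            db = calloc(1, sizeof(*db));
            if (db == NULL)
                return NULL;
        }
        if (db->ntrans < 4)
            strcpy(db->trans[db->ntrans++], tok);
    }
    /* The guard: set the flag only if at least one transform survived. */
    if (db != NULL)
        db->parent_sa = 1;
    return db;                  /* caller must treat NULL as "no proposal" */
}

int main(void)
{
    /* Constructed sample inputs based on the values quoted in the thread. */
    const char *samples[] = { "des-md5;modp1024", "3des-md5;modp1024", "des-md5-2" };

    for (size_t i = 0; i < 3; i++) {
        struct proposal_db *db = make_db(samples[i]);
        printf("%-20s -> %s\n", samples[i],
               db ? "proposal built" : "rejected, no usable transform");
        free(db);
    }
    return 0;
}
```
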