[Openswan Users] help, unsubscribe

LeRoy H Grubbs lhgrubbs at earthlink.net
Thu Sep 22 16:47:24 EDT 2011




-----Original Message-----
>From: users-request at openswan.org
>Sent: Sep 22, 2011 3:29 PM
>To: users at openswan.org
>Subject: Users Digest, Vol 94, Issue 35
>
>Send Users mailing list submissions to
>	users at openswan.org
>
>To subscribe or unsubscribe via the World Wide Web, visit
>	http://lists.openswan.org/mailman/listinfo/users
>or, via email, send a message with subject or body 'help' to
>	users-request at openswan.org
>
>You can reach the person managing the list at
>	users-owner at openswan.org
>
>When replying, please edit your Subject line so it is more specific
>than "Re: Contents of Users digest..."
>
>
>Today's Topics:
>
>   1. Re: IPV6 tunnel formation (Paul Wouters)
>   2. Re: Am I actually using NAT? (Paul Wouters)
>   3. Re: Am I actually using NAT? (James Nelson)
>   4. oakley_alg_makedb() failure explained (Paul Wouters)
>
>
>----------------------------------------------------------------------
>
>Message: 1
>Date: Thu, 22 Sep 2011 15:26:50 -0400 (EDT)
>From: Paul Wouters <paul at xelerance.com>
>Subject: Re: [Openswan Users] IPV6 tunnel formation
>To: SaRaVanAn <saravanan.nagarajan87 at gmail.com>
>Cc: users at openswan.org
>Message-ID: <alpine.LFD.1.10.1109221525480.7565 at newtla.xelerance.com>
>Content-Type: TEXT/PLAIN; charset=ISO-8859-1; format=flowed
>
>On Thu, 22 Sep 2011, SaRaVanAn wrote:
>
>> I just tried forming IPv6 tunnel using openSwan.
>> After I execute the command "service ipsec start", ping is not working. I just debugged using wireshark.
>> The ping packets are not going out of an interface. If I execute the command "ipsec auto --up west-east", the terminal is not responding.
>> Can you guys please help me to solve this problem?
>
>You'll need to show us something to work with. What's pluto logging?
>
>> conn west-east
>>         connaddrfamily=ipv6
>>         type=tunnel
>>         left=2001:db8:0:f101::2
>>         right=2001:db8:0:f101::1
>>         keyexchange=ike
>>         esp=aes128-sha1
>>         ike=aes128-sha1-modp1024
>>         auto=route
>
>You mean auto=start ?
>
>Paul
>
>
>------------------------------
>
>Message: 2
>Date: Thu, 22 Sep 2011 15:31:45 -0400 (EDT)
>From: Paul Wouters <paul at xelerance.com>
>Subject: Re: [Openswan Users] Am I actually using NAT?
>To: James Nelson <james.nelson.ii at gmail.com>
>Cc: Users at openswan.org
>Message-ID: <alpine.LFD.1.10.1109221528090.7565 at newtla.xelerance.com>
>Content-Type: TEXT/PLAIN; charset=ISO-8859-1; format=flowed
>
>On Thu, 22 Sep 2011, James Nelson wrote:
>
>> Me again. Paul, I appreciate your assistance greatly up to this point. I've simplified my original configuration, but still can't see any
>> traffic after the Ipsec SA established tunnel mode is enabled. I try pinging or hitting servers on the client side from my Amazon EC2 server and
>> get silence. The client side says they can't even see any traffic hitting their firewall, much less passing through it.
>> 1) Assume we have a fresh installation. From the Amazon end, upon the creation of the server, besides disabling ICMP send and accept redirects
>> and enabling ip forwarding, is there anything else that has to be done on the instance? (ifconfig, port opening, iptables, etc...) This is
>> where my knowledge is weakest, and therefore where I'm most concerned I'm missing something obvious or stupid that any network engineer would
>> know.
>> 
>> 2) After establishing the SA tunnel, what is the best way to test whether or not I can send traffic to the client, and how can I tell if it's
>> being NAT'ed/going through the correct ports (UDP 500/4500)? Right now, I've been just trying to ping the client gateway or using elinks to see
>> if I can reach the client WSDL addresses for download.
>
>To ensure you're not NATing your traffic, you can add a rule to a known destination IP you use for testing,
>eg iptables -I POSTROUTING -d 1.2.3.4/32 -j RETURN
>
>> conn ec2check
>>         connaddrfamily=ipv4
>>         type=tunnel
>>         authby=secret
>>         ike=3des-md5
>>         ikelifetime=86400s
>>         phase2=esp
>>         phase2alg=3des-md5
>>         lifetime=28800s
>>         forceencaps=yes
>>         pfs=no
>>         left=<AMAZON LOCAL IP>
>>         leftid=<AMAZON ELASTIC IP>
>>         leftnexthop=%defaultroute
>>         leftsubnet=0.0.0.0/0
>
>If this connection is happening, the other end will send you ALL their traffic.
>Is that really what you want?
>
>> The route I'm trying for is
>> Amazon Local---------------Amazon Elastic===Internet===Client Checkpoint----------Client Internal
>> 10.XX.XX.XX                184.XX.XX.XX                198.XX.XX.XX               168.XX.XX.XX/XX
>
>I think you really want to say leftsubnet=<AMAZON ELASTIC IP>
>Then you probably need to configure that IP locally, and add a route like
>  ip route add 168.XX.XX.XX/XX via yourgw src <AMAZON ELASTIC IP>
>
>Paul
>
>
>------------------------------
>
>Message: 3
>Date: Thu, 22 Sep 2011 15:19:03 -0500
>From: James Nelson <james.nelson.ii at gmail.com>
>Subject: Re: [Openswan Users] Am I actually using NAT?
>To: Paul Wouters <paul at xelerance.com>
>Cc: Users at openswan.org
>Message-ID:
>	<CAD4DVG=8e+b8ktDRx=G5xvdXdkF5E0+=8v+zqWmCVdgzP6=H6g at mail.gmail.com>
>Content-Type: text/plain; charset="iso-8859-1"
>
>>
>> Amazon Local---------------Amazon Elastic===Internet===Client
>>> Checkpoint----------Client Internal
>>> 10.XX.XX.XX                   184.XX.XX.XX
>>> 198.XX.XX.XX                 168.XX.XX.XX/XX
>>>
>>
>> I think you really want to say leftsubnet=<AMAZON ELASTIC IP>
>> Then you probably need to configure that IP locally, and add a route like
>>  ip route add 168.XX.XX.XX/XX via yourgw src <AMAZON ELASTIC IP>
>
>
>When I try to run the ip route command, I get the generic RTNETLINK no such
>process error.  I'm assuming by yourgw you mean the 198 address?
>
>ip route add <CLIENT INTERNAL SUBNET> via <CLIENT CHECKPOINT> src <ELASTIC IP>
>
>-- James
>
>------------------------------
>
>Message: 4
>Date: Thu, 22 Sep 2011 16:27:38 -0400 (EDT)
>From: Paul Wouters <paul at xelerance.com>
>Subject: [Openswan Users] oakley_alg_makedb() failure explained
>To: dev at openswan.org, users at openswan.org
>Cc: Bastian Lemke <bastian.lemke at gmail.com>
>Message-ID: <alpine.LFD.1.10.1109221610220.7565 at newtla.xelerance.com>
>Content-Type: TEXT/PLAIN; format=flowed; charset=US-ASCII
>
>
>I still need to dive in deeper, but figured I'd bump this to dev@
>
>It looks like oakley_alg_makedb() is trying to make the gsp, but it
>remains NULL, and just before the end of the function we try to
>call gsp->parentSA = TRUE; and segfault.
>
>This function is not designed to fail with an error condition, and
>it seems odd that I cannot make a single proposal. Looking at the
>corresponding ike/esp values for that conn I see:
>
> 	aggrmode=yes
>         auto=add
>         auth=esp
>         esp=aes128-sha1-2
>         ike=des-md5-2
>
>I guess the parser should have failed on this?
>
>Bastian: I assume you meant "2" as in DiffieHellman group 2? That would be:
>
>         esp=aes128-sha1;modp1024
>         ike=des-md5;modp1024
>
>Then I also noticed you wrote "des" and not "3des", which I think is the real
>reason for the crasher, as we no longer support single des, and that entry
>should not make it into the loaded proposal. You mean:
>
>         esp=aes128-sha1;modp1024
>         ike=3des-md5;modp1024
>
>I confirmed using the modp syntax with single des causes the crash.
>
>I'll try and fix it before we release 2.6.36
>
>Paul
>
>---------- Forwarded message ----------
>Date: Thu, 22 Sep 2011 20:38:51 +0200
>From: Bastian Lemke <bastian.lemke at gmail.com>
>Cc: users at openswan.org
>To: Paul Wouters <paul at xelerance.com>
>Subject: Re: [Openswan Users] ipsec__plutorun: Segmentation fault
>
>Dear Paul,
>
>I downloaded the openswan sources from openswan.org and modified Makefile.inc:
>USE_LEAK_DETECTIVE=true
>USERCOMPILE=-g -O0 -m64 ${WERROR} $(GCC_LINT)
>
>That's the new backtrace:
>
>#0  0x000000000046055c in oakley_alg_makedb (ai=0x1cbd848, base=0x6f9508, 
>maxtrans=2) at 
>/home/lemke/Downloads/openswan/openswan-2.6.35/programs/pluto/spdb_struct.c:316
>         gsp = 0x0
>         emp_sp = 0x0
>         ike_info = 0x1cbd898
>         ealg = 1
>         halg = 1
>         modp = 2
>         eklen = 0
>         last_modp = 0
>         wrong_modp = 0
>         enc_desc = 0x1cc1550
>         transcnt = 0
>         i = -1
>#1  0x000000000046291b in init_am_st_oakley (st=0x1cc0de8, policy=2181628005) 
>at 
>/home/lemke/Downloads/openswan/openswan-2.6.35/programs/pluto/spdb_v1_struct.c:1315
>         ta = {encrypt = 0, enckeylen = 0, prf_hash = 0, integ_hash = 0, auth = 
>0, xauth = 0, groupnum = 0, life_seconds = 3600, life_kilobytes = 1000000, 
>encrypter = 0x0, prf_hasher = 0x0, integ_hasher = 0x0, group = 0x0, ei = 0x0}
>         enc = 0x0
>         hash = 0x1cc10f8
>         auth = 0x1cc03e8
>         grp = 0x3ce92e19c
>         trans = 0x4037c0
>         prop = 0x7fffce92e1a0
>         cprop = 0x41501a
>         sa = 0x6f9508
>         revised_sadb = 0x7fffce92e1a0
>         c = 0x1cbe088
>         policy_index = 9
>#2  0x00000000004740dc in aggr_outI1 (whack_sock=19, c=0x1cbe088, 
>predecessor=0x0, policy=2181628005, try=1, importance=pcim_demand_crypto) at 
>/home/lemke/Downloads/openswan/openswan-2.6.35/programs/pluto/ikev1_aggr.c:1025
>         st = 0x1cc0de8
>         sr = 0x0
>         __FUNCTION__ = <error reading variable __FUNCTION__ (Cannot access 
>memory at address 0x4cae60)>
>#3  0x00000000004211da in ipsecdoi_initiate (whack_sock=19, c=0x1cbe088, 
>policy=2181628005, try=1, replacing=0, importance=pcim_demand_crypto) at 
>/home/lemke/Downloads/openswan/openswan-2.6.35/programs/pluto/ipsec_doi.c:356
>         initiator = 0x473f83 <aggr_outI1>
>         st = 0x0
>#4  0x000000000040c99d in initiate_a_connection (c=0x1cbe088, 
>arg=0x7fffce92e2e0) at 
>/home/lemke/Downloads/openswan/openswan-2.6.35/programs/pluto/initiate.c:225
>         is = 0x7fffce92e2e0
>         whackfd = 19
>         moredebug = 0
>         importance = pcim_demand_crypto
>         success = 0
>#5  0x000000000040ca1c in initiate_connection (name=0x7fffce931050 "fcp", 
>whackfd=18, moredebug=0, importance=pcim_demand_crypto) at 
>/home/lemke/Downloads/openswan/openswan-2.6.35/programs/pluto/initiate.c:250
>         is = {whackfd = 18, moredebug = 0, importance = pcim_demand_crypto}
>         c = 0x1cbe088
>         count = 32653
>#6  0x0000000000451f88 in whack_process (whackfd=10, msg=...) at 
>/home/lemke/Downloads/openswan/openswan-2.6.35/programs/pluto/rcv_whack.c:622
>         oco = 0x7014c0
>#7  0x0000000000452391 in whack_handle (whackctlfd=5) at 
>/home/lemke/Downloads/openswan/openswan-2.6.35/programs/pluto/rcv_whack.c:752
>         whackaddrlen = 2
>         whackfd = 10
>         n = 1086
>#8  0x000000000041ce90 in call_server () at 
>/home/lemke/Downloads/openswan/openswan-2.6.35/programs/pluto/server.c:775
>         readfds = {__osfds_bits = {32, 0 <repeats 127 times>}}
>         writefds = {__osfds_bits = {0 <repeats 128 times>}}
>         ndes = 1
>         ifp = 0x0
>#9  0x0000000000419c92 in main (argc=28, argv=0x7fffce932bc8) at 
>/home/lemke/Downloads/openswan/openswan-2.6.35/programs/pluto/plutomain.c:1055
>         fork_desired = 0
>         lockfd = 4
>         ocspuri = 0x0
>         nhelpers = -1
>         coredir = 0x0
>         oco = 0x7014c0
>         nat_traversal = 1
>         nat_t_spf = 1
>         keep_alive = 0
>         force_keepalive = 0
>         virtual_private = 0x7fffce934ab4 
>"%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12"
>
>Regards,
>Bastian
>
>
>Am 22.09.2011 08:48, schrieb Bastian Lemke:
>> Dear Paul,
>> 
>> Am 20.09.2011 15:51, schrieb Paul Wouters:
>>>> #0  oakley_alg_makedb (ai=0x7faa572461c0, base=0x0, maxtrans=0)
>>>>    at 
>>>> /vol/openswan-debs/openswan-2.6.35dr1/programs/pluto/spdb_struct.c:316
>>>>        gsp = 0x0
>>>>        emp_sp = 0x0
>>>>        ike_info = 0x7b6878
>>>>        ealg = 1
>>>>        halg = 1
>>>>        modp = 0
>>>>        eklen = 0
>>>>        last_modp = 0
>>>>        wrong_modp = 0
>>>>        transcnt = 0
>>>>        i = 0
>>> (gdb) bt full
>>> 
>>> That's in AH mode? Are you really trying a connection with ah= parameters? 
>>> If so,
>>> why? I recommend using esp=null if you really want no encryption.
>> No, I'm not setting ah= parameters. I don't even know this parameter :-) And 
>> I don't want to establish an unencrypted connection.
>> I'm not a VPN specialist and have only rudimentary knowledge about the VPN 
>> technology. I only tried to connect to my firewall at work (which works with 
>> OS X and IPSecuritas quite easily) from ubuntu.
>> 
>>> 
>>> If you're not using ah, then things are really weird, and you might need to
>>> recompile without -O2 for gdb to make more sense.
>>> 
>>> Paul
>> 
>> I'll try to recompile openswan this evening to provide you a more useful 
>> stacktrace...
>> 
>> Regards,
>> Bastian
>
>
>------------------------------
>
>
>End of Users Digest, Vol 94, Issue 35
>*************************************


LeRoy Grubbs
SKYPE - 816-565-4300
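
The failure mode described in Message 4 of the quoted digest (every configured proposal entry is rejected, the proposal database pointer stays NULL, and a write through it at the end of the function crashes), shown as an added example that is not Openswan code and not part of the original thread. The struct, the function names and the algorithm allow-list are hypothetical; the builder is written in the guarded form, so a connection with no usable proposal is reported to the caller as an error.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical, simplified model of a proposal database (not Openswan's). */
#define MAX_TRANS 4
struct proposal_db {
    int  parent_sa;               /* flag set once the database is complete */
    int  trans_count;             /* number of accepted transforms */
    char trans[MAX_TRANS][32];    /* accepted "enc-hash;group" strings */
};

/* Constructed allow-list for this example: single DES is deliberately absent. */
static const char *const SUPPORTED_ENC[] = { "3des", "aes128" };

/* An entry looks like "enc-hash;group"; compare the token before the first '-'. */
static int enc_supported(const char *entry)
{
    size_t n = strcspn(entry, "-");
    size_t count = sizeof SUPPORTED_ENC / sizeof SUPPORTED_ENC[0];
    for (size_t i = 0; i < count; i++) {
        if (strlen(SUPPORTED_ENC[i]) == n &&
            strncmp(entry, SUPPORTED_ENC[i], n) == 0)
            return 1;
    }
    return 0;
}

/* The database is allocated only when the first entry is accepted, so it is
 * still NULL when every entry was skipped. That is the state in the backtrace
 * (gsp = 0x0, transcnt = 0). */
static struct proposal_db *build_db(const char *const *entries, size_t n)
{
    struct proposal_db *db = NULL;

    for (size_t i = 0; i < n; i++) {
        if (!enc_supported(entries[i]))
            continue;                       /* unsupported entry is dropped */
        if (db == NULL) {
            db = calloc(1, sizeof *db);
            if (db == NULL)
                return NULL;
        }
        if (db->trans_count < MAX_TRANS) {
            snprintf(db->trans[db->trans_count], sizeof db->trans[0],
                     "%s", entries[i]);
            db->trans_count++;
        }
    }

    /* The crashing pattern is an unconditional "db->parent_sa = 1;" here.
     * Guarded form: only touch the database if one was actually built. */
    if (db != NULL)
        db->parent_sa = 1;
    return db;
}

enum load_status { LOAD_OK = 0, LOAD_NO_PROPOSAL = 1 };

/* Caller side: an empty result is a configuration error, not a usable state. */
static enum load_status load_conn(const char *const *entries, size_t n,
                                  struct proposal_db **out)
{
    *out = build_db(entries, n);
    return *out != NULL ? LOAD_OK : LOAD_NO_PROPOSAL;
}

int main(void)
{
    /* Constructed inputs modelled on the ike= values quoted in the thread. */
    const char *const single_des[]  = { "des-md5;modp1024" };
    const char *const triple_des[]  = { "3des-md5;modp1024" };
    struct proposal_db *db = NULL;

    if (load_conn(single_des, 1, &db) == LOAD_NO_PROPOSAL)
        printf("des-md5;modp1024: rejected, no proposal could be built\n");

    if (load_conn(triple_des, 1, &db) == LOAD_OK)
        printf("3des-md5;modp1024: %d transform(s) loaded\n", db->trans_count);
    free(db);
    return 0;
}
```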

