Bug#477677: Openswan: Pluto dies on connection attempt

[Andriy Lesyuk]

Package: openswan
Version: 2.4.6+dfsg.2-1.1
Severity: important
I'm trying to set up Openswan in Road Warrior mode. Currently my setup 
uses shared key.

ipsec.conf:
-----------------------------------------------------------------------------------------------------------------
version 2.0

config setup
    nat_traversal=yes
    interfaces=ipsec0=eth1
    rp_filter=0
    syslog=local6.info
    plutodebug=all
    dumpdir=/etc/ipsec.d

conn nung-server
    type=tunnel
    left=x.x.x.x
    right=%any
    leftprotoport=17/1701
    rightprotoport=17/1701
    [EMAIL PROTECTED]
    authby=secret
    keyingtries=3
    pfs=no
    auto=add
    rekey=no

include /etc/ipsec.d/examples/no_oe.conf
-----------------------------------------------------------------------------------------------------------------

ipsec.secrets:
-----------------------------------------------------------------------------------------------------------------
: RSA /etc/ipsec.d/private/baseKey.pem
@hostname %any: PSK "KeyForTestingOnly"
-----------------------------------------------------------------------------------------------------------------

Pluto dies on any connection attempt from Windows XP client. Here are logs:

-----------------------------------------------------------------------------------------------------------------
Apr 24 16:01:43 base ipsec__plutorun: /usr/lib/ipsec/_plutorun: line 
217: 10348 Segmentation fault      (core dumped) /usr/lib/ipsec/pluto 
--nofork --secretsfile /etc/ipsec.secrets --ipsecdir /etc/ipsec.d 
--debug-all --use-auto --uniqueids --nat_traversal
Apr 24 16:01:43 base ipsec__plutorun: !pluto failure!:  exited with 
error status 139 (signal 11)
Apr 24 16:01:43 base ipsec__plutorun: restarting IPsec after pause...
-----------------------------------------------------------------------------------------------------------------

When running gdb with the core file it shows:
-----------------------------------------------------------------------------------------------------------------
(gdb) where
#0  0xb7dcf43b in strlen () from /lib/tls/i686/cmov/libc.so.6
#1  0xb7da3164 in vfprintf () from /lib/tls/i686/cmov/libc.so.6
#2  0xb7dc0f81 in vsnprintf () from /lib/tls/i686/cmov/libc.so.6
#3  0x080578d2 in ?? ()
#4  0xbff04e5c in ?? ()
#5  0x00000400 in ?? ()
#6  0x080e19ec in _IO_stdin_used ()
#7  0xbff05274 in ?? ()
#8  0x73736563 in ?? ()
#9  0x6f66202c in ?? ()
#10 0x20646e75 in ?? ()
#11 0x656b6670 in ?? ()
#12 0x696c5f79 in ?? ()
#13 0x65645f62 in ?? ()
#14 0x3a677562 in ?? ()
#15 0x656b6670 in ?? ()
#16 0x736d5f79 in ?? ()
#17 0x61705f67 in ?? ()
#18 0x3a657372 in ?? ()
#19 0x72617020 in ?? ()
#20 0x676e6973 in ?? ()
#21 0x74786520 in ?? ()
#22 0x70797420 in ?? ()
#23 0x30333d65 in ?? ()
#24 0x414f2d28 in ?? ()
#25 0x61702029 in ?? ()
#26 0x64657372 in ?? ()
#27 0x7800202e in ?? ()
#28 0x656c5f74 in ?? ()
#29 0x20313d6e in ?? ()
#30 0x73726170 in ?? ()
#31 0x20676e69 in ?? ()
#32 0x20747865 in ?? ()
#33 0x78307030 in ?? ()
#34 0x30303138 in ?? ()
#35 0x20303431 in ?? ()
#36 0x68746977 in ?? ()
#37 0x72617020 in ?? ()
#38 0x20726573 in ?? ()
#39 0x656b6670 in ?? ()
#40 0x5f785f79 in ?? ()
#41 0x5f747865 in ?? ()
#42 0x5f74616e in ?? ()
#43 0x6f705f74 in ?? ()
#44 0x705f7472 in ?? ()
#45 0x65737261 in ?? ()
#46 0x2e00202e in ?? ()
#47 0xbff00020 in ?? ()
#48 0xb7e924c0 in __after_morecore_hook () from /lib/tls/i686/cmov/libc.so.6
#49 0x080ffef0 in ?? ()
#50 0xb7e90ff4 in ?? () from /lib/tls/i686/cmov/libc.so.6
#51 0x656b6670 in ?? ()
#52 0x696c5f79 in ?? ()
#53 0x65645f62 in ?? ()
#54 0x3a677562 in ?? ()
#55 0x656b6670 in ?? ()
#56 0x736d5f79 in ?? ()
#57 0x75625f67 in ?? ()
#58 0x3a646c69 in ?? ()
#59 0x74786520 in ?? ()
#60 0x69736e65 in ?? ()
#61 0x20736e6f in ?? ()
#62 0x6d726570 in ?? ()
#63 0x65747469 in ?? ()
#64 0x38373d64 in ?? ()
#65 0x66313030 in ?? ()
#66 0x202c6266 in ?? ()
#67 0x6e656573 in ?? ()
#68 0x3038373d in ?? ()
#69 0x36333030 in ?? ()
#70 0x72202c33 in ?? ()
#71 0x69757165 in ?? ()
#72 0x3d646572 in ?? ()
#73 0x30303030 in ?? ()
#74 0x33363030 in ?? ()
#75 0x6600202e in ?? ()
#76 0x34343630 in ?? ()
#77 0x00002063 in ?? ()
#78 0x0000006e in ?? ()
#79 0x00000001 in ?? ()
#80 0x00002a30 in ?? ()
#81 0x080fe298 in ?? ()
#82 0xbff06600 in ?? ()
#83 0xbff06a38 in ?? ()
#84 0x08057948 in ?? ()
#85 0x00000007 in ?? ()
#86 0x080bd9bb in _IO_stdin_used ()
#87 0x0000007c in ?? ()
#88 0xbff0662c in ?? ()
#89 0xb7e909c0 in _IO_wfile_jumps () from /lib/tls/i686/cmov/libc.so.6
#90 0x00000000 in ?? ()
-----------------------------------------------------------------------------------------------------------------

I have no idea what can be wrong in the configuration files (they seem 
to be fine). Have no idea why it crashes (gdb does not contain symbols). 
I have tried to post gdb output to Openswan mail list but they said: a) 
that I need to recompile openswan with symbols and b) that I should use 
more recent version.

As I understood pluto is known to crash often. If so I wonder why debian 
stable does not have -gdb version of it (like it has gdb versions for 
apache, exim, samba etc while they are known to crash more rarely)?

How can I solve this particular situation? Is there any repository with 
newer version of openswan? Is there some error in my config (I don't see 
any)?

I'm using custom kernel (debian linux-source-2.6.18 
(2.6.18.dfsg.1-18etch1) + openswan-2.4.6.kernel-2.6-klips).

Versions of all packages are the same as in debian stable at the moment.

Thanks,
Andriy



--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]