Public bug reported:
I have a Strongswan (Linux strongSwan U5.8.2/K5.4.0-54-generic) IPSec setup and
whenever I connect to it the connection is estabilished succesfully, but when I
try to reach anything on the network the server freezes with kernel panic. The
problem appeared when I upgraded from 18.04 to 20.04
After reboot I can't find anything in the log, so it's a bit hard to gather the
kernel message, the only thing I have saved is this line:
general protection fault: 0000 [#1] SMP PTI
End of the strongswan log:
Nov 30 10:04:53 Wanda ipsec[2038]: 12[IKE] peer requested virtual IP %any
Nov 30 10:04:53 Wanda ipsec[2038]: 12[CFG] sending DHCP DISCOVER to
192.168.2.255
Nov 30 10:04:53 Wanda ipsec[2038]: 12[CFG] sending DHCP DISCOVER to
192.168.2.255
Nov 30 10:04:53 Wanda ipsec[2038]: 01[MGR] ignoring request with ID 5, already
processing
Nov 30 10:04:53 Wanda ipsec[2038]: 12[CFG] sending DHCP DISCOVER to
192.168.2.255
Nov 30 10:04:53 Wanda ipsec[2038]: 05[CFG] received DHCP OFFER 192.168.2.186
from 192.168.2.2
Nov 30 10:04:53 Wanda ipsec[2038]: 12[CFG] sending DHCP REQUEST for
192.168.2.186 to 192.168.2.2
Nov 30 10:04:53 Wanda ipsec[2038]: message repeated 2 times: [ 12[CFG] sending
DHCP REQUEST for 192.168.2.186 to 192.168.2.2]
Nov 30 10:04:53 Wanda ipsec[2038]: 10[CFG] received DHCP ACK for 192.168.2.186
Nov 30 10:04:53 Wanda charon: 12[IKE] no virtual IP found for %any6 requested
by 'ekemate'
Nov 30 10:04:53 Wanda ipsec[2038]: 12[IKE] assigning virtual IP 192.168.2.186
to peer 'ekemate'
Nov 30 10:04:53 Wanda ipsec[2038]: 12[IKE] peer requested virtual IP %any6
Nov 30 10:04:53 Wanda charon: 12[CFG] selected proposal:
ESP:CHACHA20_POLY1305/NO_EXT_SEQ
Nov 30 10:04:53 Wanda charon: 12[IKE] CHILD_SA wandavpn{1} established with
SPIs c52f49dd_i 885fb77c_o and TS 0.0.0.0/0 === 192.168.2.186/32
Nov 30 10:04:53 Wanda charon: 12[ENC] generating IKE_AUTH response 5 [ AUTH
CPRP(ADDR DNS) SA TSi TSr N(MOBIKE_SUP) N(ADD_4_ADDR) N(ADD_4_ADDR)
N(ADD_4_ADDR) N(ADD_4_ADDR) N(ADD_4_ADDR) N(ADD_4_ADDR) N(ADD_6_ADDR)
N(ADD_6_ADDR) ]
Nov 30 10:04:53 Wanda charon: 12[NET] sending packet: from 192.168.2.200[4500]
to xx.xx.xx.xx[49758] (361 bytes)
And after that the server hangs.
ipsec.conf:
config setup
uniqueids=never
conn %default
keyexchange=ikev2
auto=add
conn wandavpn
compress=no
type=tunnel
keyexchange=ikev2
fragmentation=yes
forceencaps=yes
dpdaction=clear
dpddelay=300s
rekey=no
left=%any
[email protected]
leftcert=fullchain.pem
leftsendcert=always
leftsubnet=0.0.0.0/0
right=%any
rightid=%any
rightauth=eap-mschapv2
rightsourceip=%dhcp
rightsendcert=never
eap_identity=%identity
ike=chacha20poly1305-sha512-curve25519-prfsha512,aes256gcm16-sha384-prfsha384-ecp384,aes256-sha1-modp1024,aes128-sha1-modp1024,3des-sha1-modp1024!
esp=chacha20poly1305-sha512,aes256gcm16-ecp384,aes256-sha256,aes256-sha1,3des-sha1!
Outgoing strongswan vpn connections from the server are OK.
ProblemType: Bug
DistroRelease: Ubuntu 20.04
Package: linux-image-5.4.0-54-generic 5.4.0-54.60
ProcVersionSignature: Ubuntu 5.4.0-54.60-generic 5.4.65
Uname: Linux 5.4.0-54-generic x86_64
NonfreeKernelModules: zfs zunicode zavl icp zcommon znvpair
AlsaVersion: Advanced Linux Sound Architecture Driver Version k5.4.0-54-generic.
ApportVersion: 2.20.11-0ubuntu27.13
Architecture: amd64
ArecordDevices:
**** List of CAPTURE Hardware Devices ****
card 1: PCH [HDA Intel PCH], device 0: VT1708S Analog [VT1708S Analog]
Subdevices: 1/1
Subdevice #0: subdevice #0
Card0.Amixer.info:
Card hw:0 'HDMI'/'HDA Intel HDMI at 0xf0530000 irq 39'
Mixer name : 'Intel Haswell HDMI'
Components : 'HDA:80862807,80860101,00100000'
Controls : 35
Simple ctrls : 5
Card1.Amixer.info:
Card hw:1 'PCH'/'HDA Intel PCH at 0xf0534000 irq 38'
Mixer name : 'VIA VT1708S'
Components : 'HDA:11060397,11060397,00100000'
Controls : 44
Simple ctrls : 19
CasperMD5CheckResult: skip
CurrentDmesg: Error: command ['dmesg'] failed with exit code 1: dmesg: read
kernel buffer failed: Operation not permitted
Date: Mon Nov 30 09:52:14 2020
HibernationDevice: RESUME=UUID=092254a8-e041-4d98-a9a4-f3d14a43b1b2
InstallationDate: Installed on 2016-09-09 (1542 days ago)
InstallationMedia: Ubuntu-Server 16.04.1 LTS "Xenial Xerus" - Release amd64
(20160719)
MachineType: Intel Corporation Shark Bay Platform
ProcFB: 0 i915drmfb
ProcKernelCmdLine: BOOT_IMAGE=/@/boot/vmlinuz-5.4.0-54-generic
root=UUID=87b5701c-2653-40a2-b67d-c82ac43618ec ro rootflags=subvol=@
intel_iommu=on,igfx_off
RelatedPackageVersions:
linux-restricted-modules-5.4.0-54-generic N/A
linux-backports-modules-5.4.0-54-generic N/A
linux-firmware 1.187.4
RfKill: Error: [Errno 2] No such file or directory: 'rfkill'
SourcePackage: linux
UpgradeStatus: Upgraded to focal on 2020-09-30 (60 days ago)
acpidump:
Error: command ['pkexec', '/usr/share/apport/dump_acpi_tables.py'] failed with
exit code 127: polkit-agent-helper-1: error response to PolicyKit daemon:
GDBus.Error:org.freedesktop.PolicyKit1.Error.Failed: No session for cookie
Error executing command as another user: Not authorized
This incident has been reported.
dmi.bios.date: 01/05/2015
dmi.bios.vendor: Phoenix Technologies Ltd.
dmi.bios.version: KTQM04
dmi.board.asset.tag: Base Board Asset Tag
dmi.board.name: KTQM87/mITX
dmi.board.vendor: Kontron Technology
dmi.board.version: 13010000
dmi.chassis.asset.tag: Asset Tag
dmi.chassis.type: 9
dmi.chassis.vendor: Intel Corporation
dmi.chassis.version: 0.1
dmi.modalias:
dmi:bvnPhoenixTechnologiesLtd.:bvrKTQM04:bd01/05/2015:svnIntelCorporation:pnSharkBayPlatform:pvr0.1:rvnKontronTechnology:rnKTQM87/mITX:rvr13010000:cvnIntelCorporation:ct9:cvr0.1:
dmi.product.family: Shark Bay System
dmi.product.name: Shark Bay Platform
dmi.product.sku: System SKUNumber
dmi.product.version: 0.1
dmi.sys.vendor: Intel Corporation
** Affects: linux (Ubuntu)
Importance: Undecided
Status: New
** Tags: amd64 apport-bug focal
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1906239
Title:
Kernel panic with Strongswan IPSec vpn after 20.4 update
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1906239/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
