Hi Michael, I think the reason why no DH group is set in the KE payload and you get a segmentation fault is that you are mixing an old crypto plugin with a newer build of the daemon/libraries.
The 5.3.1 release added a new method to the diffie_hellman_t interface. It was added at the position where the get_dh_group() getter was in previous releases: get_my_public_value() +set_private_value() get_dh_group() destroy() Which means that get_dh_group() is now at the position destroy() was previously. So any code built against the current version of the diffie_hellman.h header file that calls get_dh_group() for a DH implementation provided by a plugin built against the previous header file will actually call destroy() instead. Since there won't be a return value the DH group is basically undefined and at the same time the DH object is destroyed, causing a segmentation fault when the object is accessed later on (in your case when the DH object is accessed in ike_init_t.migrate()). When upgrading from sources it is recommended to call `make uninstall` in the _original_ build directory (i.e. where you called `make install` previously), which will remove binaries but leave configuration files alone. So keep that build directory around. If you don't want or can do that at least use the same ./configure options (the options used for a previous build can be seen at the top of the config.log file in the build directory). Of course, you can also remove the binaries manually before running `make install` for the new build. Their location depends on the configured --prefix and other options to specify installation paths. By default plugins are installed in `/usr/local/lib/ipsec/plugins`. Regards, Tobias _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
