Welcome, Guest. Please login or register.
Did you miss your activation email?
Tuesday 19 November 2024, 08:35:00 am

Login with username, password and session length

The Latest Endian Firewall is now available for download HERE
14258 Posts in 4377 Topics by 6515 Members
Latest Member: hulteends
Search:     Advanced search
+  EFW Support
|-+  Support
| |-+  VPN Support
| | |-+  ipsec in 2.2 Beta 2
0 Members and 1 Guest are viewing this topic. « previous next »
Pages: [1] Go Down Print
Author Topic: ipsec in 2.2 Beta 2  (Read 21900 times)
gveloper
Jr. Member
*
Offline Offline

Posts: 1


« on: Monday 21 January 2008, 06:44:09 am »

I'm getting a constant error trying to set up an ipsec tunnel in 2.2 b2.
Openswan seems to be segfaulting immediately before tying to contact the remote

The core dump reveals:

Code:
Terminating %s.

     uid=%d  euid=%d  pid=%d
 Call stack:
     %p  %s
     %p        %s
 Detected an attempt to write across stack boundary. Detected an attempt to write across stack boundary.
 dlsym %s error:%s
 strcpy memcpy Overflow caused by strcpy() strncpy Overflow caused by strncpy() stpcpy Overflow caused by stpcpy() wcscpy Overflow caused by wcscpy() wcpcpy Overflow caused by wcpcpy() Overflow caused by memcpy() strcat Overflow caused by strcat() Overflow caused by strncat() strncat wcscat Overflow caused by wcscat() vfprintf printf("%%n") overflow caused by sprintf() vsnprintf vsprintf overflow caused by snprintf() overflow caused by vsprintf() getwd Overflow caused by getwd() gets realpath Overflow caused by realpath() _IO_vfscanf Overflow caused by *scanf() /etc/libsafe.exclude LIBSAFE_PROTECT_ROOT    overflow caused by vsnprintf()^

A clip from the log follows:


Code:
Jan 20 14:03:10 core ipsec__plutorun: /usr/lib/ipsec/_plutorun: line 237: 12055 Aborted                 /usr/libexec/ipsec/pluto --nofork --secretsfile /etc/ipsec/ipsec.secrets --ipsecdir /etc/ipsec/ipsec.d --debug-crypt --debug-parsing --debug-emitting --debug-control --debug-klips --debug-dns --debug-nat_t --use-auto --uniqueids --nat_traversal --virtual_private '[CLIPPED FOR SECURITY]'
Jan 20 14:03:10 core ipsec__plutorun: 003 ASSERTION FAILED at alg_info.c:844: buflen >= 0
Jan 20 14:03:10 core ipsec__plutorun: 000 %myid = (none)
Jan 20 14:03:10 core ipsec__plutorun: 000 debug crypt+parsing+emitting+control+klips+dns+nattraversal
Jan 20 14:03:10 core ipsec__plutorun: 000 
Jan 20 14:03:10 core ipsec__plutorun: 000 algorithm ESP encrypt: id=3, name=ESP_3DES, ivlen=64, keysizemin=192, keysizemax=192
Jan 20 14:03:10 core ipsec__plutorun: 000 algorithm ESP encrypt: id=12, name=ESP_AES, ivlen=128, keysizemin=128, keysizemax=256
Jan 20 14:03:10 core ipsec__plutorun: 000 algorithm ESP auth attr: id=1, name=AUTH_ALGORITHM_HMAC_MD5, keysizemin=128, keysizemax=128
Jan 20 14:03:10 core ipsec__plutorun: 000 algorithm ESP auth attr: id=2, name=AUTH_ALGORITHM_HMAC_SHA1, keysizemin=160, keysizemax=160
Jan 20 14:03:10 core ipsec__plutorun: 000 
Jan 20 14:03:10 core ipsec__plutorun: 000 algorithm IKE encrypt: id=5, name=OAKLEY_3DES_CBC, blocksize=8, keydeflen=192
Jan 20 14:03:10 core ipsec__plutorun: 000 algorithm IKE encrypt: id=7, name=OAKLEY_AES_CBC, blocksize=16, keydeflen=128
Jan 20 14:03:10 core ipsec__plutorun: 000 algorithm IKE hash: id=1, name=OAKLEY_MD5, hashsize=16
Jan 20 14:03:10 core ipsec__plutorun: 000 algorithm IKE hash: id=2, name=OAKLEY_SHA1, hashsize=20
Jan 20 14:03:10 core ipsec__plutorun: 000 algorithm IKE dh group: id=2, name=OAKLEY_GROUP_MODP1024, bits=1024
Jan 20 14:03:10 core ipsec__plutorun: 000 algorithm IKE dh group: id=5, name=OAKLEY_GROUP_MODP1536, bits=1536
Jan 20 14:03:10 core ipsec__plutorun: 000 algorithm IKE dh group: id=14, name=OAKLEY_GROUP_MODP2048, bits=2048
Jan 20 14:03:10 core ipsec__plutorun: 000 algorithm IKE dh group: id=15, name=OAKLEY_GROUP_MODP3072, bits=3072
Jan 20 14:03:10 core ipsec__plutorun: 000 algorithm IKE dh group: id=16, name=OAKLEY_GROUP_MODP4096, bits=4096
Jan 20 14:03:10 core ipsec__plutorun: 000 algorithm IKE dh group: id=17, name=OAKLEY_GROUP_MODP6144, bits=6144
Jan 20 14:03:10 core ipsec__plutorun: 000 algorithm IKE dh group: id=18, name=OAKLEY_GROUP_MODP8192, bits=8192
Jan 20 14:03:10 core ipsec__plutorun: 000 
Jan 20 14:03:10 core ipsec__plutorun: 000 stats db_ops.c: {curr_cnt, total_cnt, maxsz} :context={0,0,0} trans={0,0,0} attrs={0,0,0}
Jan 20 14:03:10 core ipsec__plutorun: 000 
Jan 20 14:03:10 core ipsec__plutorun: 000 
Jan 20 14:03:10 core ipsec__plutorun: 000 
Jan 20 14:03:10 core ipsec__plutorun: ...could not add conn "TEST"
Jan 20 14:03:10 core ipsec__plutorun: whack: is Pluto running?  connect() for "/var/run/pluto/pluto.ctl" failed (111 Connection refused)
Jan 20 14:03:10 core ipsec__plutorun: whack: is Pluto running?  connect() for "/var/run/pluto/pluto.ctl" failed (111 Connection refused)
Jan 20 14:03:10 core ipsec__plutorun: ...could not route conn "TEST"
Jan 20 14:03:10 core ipsec__plutorun: whack: is Pluto running?  connect() for "/var/run/pluto/pluto.ctl" failed (111 Connection refused)
Jan 20 14:03:10 core ipsec__plutorun: ...could not start conn "TEST"
Jan 20 14:03:10 core ipsec__plutorun: !pluto failure!:  exited with error status 134 (signal 6)
Jan 20 14:03:10 core ipsec__plutorun: restarting IPsec after pause...
Jan 20 14:03:24 core ipsec__plutorun: Restarting Pluto subsystem...


Logged
Pages: [1] Go Up Print 
« previous next »
Jump to:  

Page created in 0.047 seconds with 19 queries.
Powered by SMF 1.1 RC2 | SMF © 2001-2005, Lewis Media Design by 7dana.com