Topic: Update from 2.3 to 2.4 breaks IPSec
aender
« on: Friday 28 May 2010, 04:42:50 am »

After an update from 2.3 to 2.4 my IPSec connection no longer works.

Error in /var/log/messages:

can not load config '/etc/ipsec/ipsec.conf': /etc/ipsec/ipsec.conf:30: syntax error, unexpected STRING [pfsgroup]

Found this:

http://lists.openswan.org/pipermail/users/2009-May/016605.html


Looks like a kernel Oops:

May 27 20:49:46 efw pluto[17434]: loading secrets from "/etc/ipsec/ipsec.secrets"
May 27 20:49:46 efw ipsec__plutorun: 003 NAT-Traversal: Trying new style NAT-T
May 27 20:49:46 efw kernel: [ 2255.700260] BUG: unable to handle kernel paging request at 65776f70
May 27 20:49:46 efw kernel: [ 2255.700533] IP: [<c04c85fe>] selinux_socket_sock_rcv_skb+0x18/0x32f
May 27 20:49:46 efw kernel: [ 2255.700757] *pde = 00000000
May 27 20:49:46 efw kernel: [ 2255.700967] Oops: 0000 [#135] SMP
May 27 20:49:46 efw kernel: [ 2255.701225] Modules linked in: sg raid1 dock libata scsi_mod ata_piix sr_mod capi button jbd cdrom ata_generic pcspkr uhci_hcd libphy ext3 mii pata_acpi ehci_hcd i2c_core fan i2c_i801 r8169 capifs iptable_filter tg3 sd_mod usb_storage dm_mod nf_conntrack_ftp nf_conntrack_amanda nf_conntrack_ipv4 kernelcapi x_tables nf_nat ip_tables iptable_nat nf_conntrack ts_kmp nf_nat_amanda nf_nat_h323 nf_nat_ftp xt_tcpudp nf_conntrack_irc nf_nat_irc nf_nat_tftp nf_conntrack_h323 nf_conntrack_tftp nf_conntrack_proto_gre nf_conntrack_pptp nf_nat_proto_gre nf_nat_pptp nf_nat_sip nf_conntrack_netbios_ns nf_conntrack_sip nf_nat_snmp_basic llc stp garp iptable_mangle ebtables 8021q ebtable_filter ebtable_nat ipt_REJECT bridge xt_state xt_TCPMSS xt_MARK xt_physdev ebt_mark_m xt_limit xt_mark xt_iprange tun xt_connmark xt_CONNMARK crypto_blkcipher aes_generic des_generic aes_i586 xt_hashlimit twofish cbc sha512_generic xcbc sha256_generic ecb blowfish twofish_common aead ccm ipv6 serpent ocf(P) ipsec
May 27 20:49:46 efw kernel: [ 2255.701253]
May 27 20:49:46 efw kernel: [ 2255.701253] Pid: 17434, comm: pluto Tainted: P      D   (2.6.27.19-72.e22 #1)
May 27 20:49:46 efw kernel: [ 2255.701253] EIP: 0060:[<c04c85fe>] EFLAGS: 00010286 CPU: 1
May 27 20:49:46 efw kernel: [ 2255.701253] EIP is at selinux_socket_sock_rcv_skb+0x18/0x32f
May 27 20:49:46 efw kernel: [ 2255.701253] EAX: 65776f70 EBX: f654a038 ECX: c06b8180 EDX: f658a840
May 27 20:49:46 efw kernel: [ 2255.701253] ESI: f658a840 EDI: f654a018 EBP: f658a840 ESP: f4f23b0c
May 27 20:49:46 efw kernel: [ 2255.701253]  DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068
May 27 20:49:46 efw kernel: [ 2255.701253] Process pluto (pid: 17434, ti=f4f23000 task=f71deb50 task.ti=f4f23000)
May 27 20:49:46 efw kernel: [ 2255.701253] Stack: f654a018 00000001 f8c3aa5e f4f23d10 f4f23d10 f4f23d2c 00000018 00000282
May 27 20:49:46 efw kernel: [ 2255.701253]        f8c3d17a 00000018 00000003 f4f23d2c 00000010 f8c3d17a f5441b08 00180000
May 27 20:49:46 efw kernel: [ 2255.701253]        f4f23c48 f4f23ba4 00000000 f8c3cccb 00010000 35353200 3535322e 3535322e
May 27 20:49:46 efw kernel: [ 2255.701253] Call Trace:
May 27 20:49:46 efw kernel: [ 2255.701253]  [<f8c3aa5e>] addrtoa+0x92/0xa8 [ipsec]
May 27 20:49:46 efw kernel: [ 2255.701253]  [<f8c3d17a>] pfkey_address_build+0x24e/0x2e7 [ipsec]
May 27 20:49:46 efw kernel: [ 2255.701253]  [<f8c3d17a>] pfkey_address_build+0x24e/0x2e7 [ipsec]
May 27 20:49:46 efw ipsec__plutorun: /usr/lib/ipsec/_plutorun: line 245: 17434 Segmentation fault      /usr/libexec/ipsec/pluto --nofork --secretsfile /etc/ipsec/ipsec.secrets --ipsecdir /etc/ipsec/ipsec.d --use-auto --uniqueids --nat_traversal --virtual_private %v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16,%v4:!192.168.124.0/24,%v4:!192.168.99.0/24,%v4:!10.254.1.0/24
May 27 20:49:46 efw pluto[17439]: pluto_crypto_helper: helper (0) is  normal exiting
May 27 20:49:46 efw kernel: [ 2255.701253]  [<f8c3cccb>] pfkey_sa_build+0x8f/0x97 [ipsec]
May 27 20:49:46 efw kernel: [ 2255.701253]  [<c04c3379>] security_sock_rcv_skb+0xc/0xd
May 27 20:49:46 efw kernel: [ 2255.701253]  [<c0599a78>] sk_filter+0xc/0x6c
May 27 20:49:46 efw kernel: [ 2255.701253]  [<c0588eeb>] sock_queue_rcv_skb+0x26/0xb1
May 27 20:49:46 efw kernel: [ 2255.701253]  [<f8c340be>] pfkey_upmsgsk+0x12d/0x161 [ipsec]
May 27 20:49:46 efw kernel: [ 2255.701253]  [<f8c39145>] pfkey_x_addflow_parse+0x65b/0x71a [ipsec]
May 27 20:49:46 efw kernel: [ 2255.701253]  [<c0480068>] __pollwait+0x0/0xac
May 27 20:49:46 efw kernel: [ 2255.701253]  [<c041fded>] default_wake_function+0x0/0x8
May 27 20:49:46 efw kernel: [ 2255.701253]  [<f8c3a9c0>] ultoa+0xa8/0xb4 [ipsec]
May 27 20:49:46 efw kernel: [ 2255.701253]  [<c041fded>] default_wake_function+0x0/0x8
May 27 20:49:46 efw kernel: [ 2255.701253]  [<f8c38267>] pfkey_alloc_eroute+0x3f/0xea [ipsec]
May 27 20:49:46 efw kernel: [ 2255.701253]  [<f8c39acd>] pfkey_address_process+0x24b/0x48b [ipsec]
May 27 20:49:46 efw kernel: [ 2255.701253]  [<f8c34f91>] pfkey_msg_interp+0x240/0x2bd [ipsec]
May 27 20:49:46 efw kernel: [ 2255.701253]  [<f8c34b2d>] pfkey_sendmsg+0x287/0x396 [ipsec]
May 27 20:49:46 efw kernel: [ 2255.701253]  [<c0585f8e>] sock_aio_write+0xdd/0xea
May 27 20:49:46 efw kernel: [ 2255.701253]  [<c0474dd4>] do_sync_write+0xbf/0x100
May 27 20:49:46 efw kernel: [ 2255.701253]  [<c0434a60>] autoremove_wake_function+0x0/0x2d
May 27 20:49:46 efw kernel: [ 2255.701253]  [<c04c97db>] selinux_file_permission+0xe6/0xfc
May 27 20:49:46 efw kernel: [ 2255.701253]  [<c04c2ed4>] security_file_permission+0xc/0xd
May 27 20:49:46 efw kernel: [ 2255.701253]  [<c047555e>] vfs_write+0x94/0x120
May 27 20:49:46 efw kernel: [ 2255.701253]  [<c0475acd>] sys_write+0x40/0x8e
May 27 20:49:46 efw kernel: [ 2255.701253]  [<c0403a5e>] system_call_done+0x0/0x4
May 27 20:49:46 efw kernel: [ 2255.701253]  [<c05f0000>] quirk_e100_interrupt+0x76/0x159
May 27 20:49:46 efw kernel: [ 2255.701253]  =======================
May 27 20:49:46 efw kernel: [ 2255.701253] Code: 00 00 00 00 e8 45 8d fa ff 83 c4 14 89 d8 5b 5e 5f 5d c3 55 89 d5 57 56 53 83 ec 6c 89 04 24 8b 18 8b 80 40 01 00 00 66 83 fb 02 <8b> 00 89 44 24 04 74 19 31 ff 66 83 fb 0a 0f 85 f9 02 00 00 66
May 27 20:49:46 efw kernel: [ 2255.701253] EIP: [<c04c85fe>] selinux_socket_sock_rcv_skb+0x18/0x32f SS:ESP 0068:f4f23b0c
May 27 20:49:46 efw kernel: [ 2255.723670] ---[ end trace cdf975f694efb29a ]---
May 27 20:49:46 efw ipsec__plutorun: whack: is Pluto running?  connect() for "/var/run/pluto/pluto.ctl" failed (111 Connection refused)
May 27 20:49:46 efw ipsec__plutorun: !pluto failure!:  exited with error status 139 (signal 11)
May 27 20:49:46 efw ipsec__plutorun: restarting IPsec after pause...
May 27 20:49:50 efw sudo:   nobody : TTY=unknown ; PWD=/home/httpd/cgi-bin ; USER=root ; COMMAND=/usr/sbin/ipsec auto --status
May 27 20:49:55 efw kernel: [ 2264.498018] ipsec0: no IPv6 routers present

Help us to create a real endian community at http://endian.secureit.at
aender
« Reply #1 on: Friday 28 May 2010, 05:02:56 am »

RESOLVED !?

Delete the IPSec Tunnel
Create new Tunnel with the same settings
Reboot Firewall

WORKS AT THE MOMENT !?