strongswan's charon crashes shortly after authentication
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
strongswan (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
Binary package hint: strongswan
In ubuntu 10.04, I'm configuring a vpn in strongswan 4.3.2-1.1ubuntu1 by hand (without network manager).
All goes fine... up until it crashes.
Here's part of syslog leading up to the crash:
...
May 3 10:17:36 laptop charon: 01[LIB] loading plugin 'resolv-conf' failed: /usr/lib/
May 3 10:17:36 laptop charon: 01[DMN] loaded plugins: curl ldap random x509 pubkey openssl xcbc hmac agent gmp kernel-netlink stroke updown eapidentity eapmd5 eapgtc eapaka eapmschapv2
May 3 10:17:36 laptop charon: 01[JOB] spawning 16 worker threads
May 3 10:17:36 laptop charon: 05[CFG] crl caching to /etc/ipsec.d/crls enabled
May 3 10:17:36 laptop charon: 08[CFG] received stroke: add connection 'yyy.yyy.yyy'
May 3 10:17:36 laptop charon: 08[LIB] loaded certificate file '/etc/ipsec.
May 3 10:17:36 laptop charon: 08[CFG] added configuration 'yyy.yyy.yyy'
May 3 10:17:36 laptop charon: 08[CFG] received stroke: initiate 'yyy.yyy.yyy'
May 3 10:17:36 laptop charon: 08[IKE] initiating IKE_SA yyy.yyy.yyy[1] to xxx.xxx.xxx.254
May 3 10:17:36 laptop charon: 08[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
May 3 10:17:36 laptop charon: 08[NET] sending packet: from 192.168.1.189[500] to xxx.xxx.
May 3 10:17:36 laptop charon: 14[NET] received packet: from xxx.xxx.
May 3 10:17:36 laptop charon: 14[ENC] parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(MULT_AUTH) ]
May 3 10:17:36 laptop charon: 14[IKE] local host is behind NAT, sending keep alives
May 3 10:17:36 laptop charon: 14[IKE] received cert request for "C=xxx ..."
May 3 10:17:36 laptop charon: 14[IKE] sending cert request for "C=xxx ..."
May 3 10:17:36 laptop charon: 14[IKE] authentication of 'C=xxx ...' (myself) with RSA signature successful
May 3 10:17:36 laptop charon: 14[IKE] sending end entity cert "C=xxx ..."
May 3 10:17:36 laptop charon: 14[IKE] establishing CHILD_SA yyy.yyy.yyy
May 3 10:17:36 laptop charon: 14[ENC] generating IKE_AUTH request 1 [ IDi CERT CERTREQ IDr AUTH CP SA TSi TSr N(MOBIKE_SUP) N(NO_ADD_ADDR) N(MULT_AUTH) ]
May 3 10:17:36 laptop charon: 14[NET] sending packet: from 192.168.1.189[4500] to xxx.xxx.
May 3 10:17:36 laptop charon: 16[NET] received packet: from xxx.xxx.
May 3 10:17:36 laptop charon: 16[ENC] parsed IKE_AUTH response 1 [ IDr CERT AUTH CP SA TSi TSr N(AUTH_LFT) N(MOBIKE_SUP) N(ADD_4_ADDR) N(ADD_4_ADDR) N(ADD_4_ADDR) N(ADD_4_ADDR) N(ADD_4_ADDR) N(ADD_4_ADDR) N(ADD_4_ADDR) ]
May 3 10:17:36 laptop charon: 16[IKE] received end entity cert "C=xxx ..."
May 3 10:17:36 laptop charon: 16[CFG] using certificate "C=xxx ..."
May 3 10:17:36 laptop charon: 16[CFG] using trusted ca certificate "C=xxx ..."
May 3 10:17:36 laptop charon: 16[CFG] checking certificate status of "C=xxx ..."
May 3 10:17:36 laptop charon: 16[CFG] fetching crl from 'http://
May 3 10:17:37 laptop charon: 16[CFG] using trusted certificate "C=xxx ..."
May 3 10:17:37 laptop charon: 16[CFG] crl correctly signed by "C=xxx ..."
May 3 10:17:37 laptop charon: 16[CFG] crl is valid: until May 06 06:32:40 2010
May 3 10:17:37 laptop charon: 16[CFG] certificate status is good
May 3 10:17:37 laptop charon: 16[IKE] authentication of 'C=xxx ...' with RSA signature successful
May 3 10:17:37 laptop charon: 16[DMN] thread 3070172016 received 11
May 3 10:17:37 laptop charon: 03[KNL] creating delete job for ESP CHILD_SA with SPI c42e3cbb and reqid {1}
May 3 10:17:37 laptop charon: 16[DMN] killing ourself, received critical signal
Is there a handy recipe for building charon with debugging symbols and starting it under gdb?
ProblemType: Bug
DistroRelease: Ubuntu 10.04
Package: strongswan-ikev2 4.3.2-1.1ubuntu1
ProcVersionSign
Uname: Linux 2.6.32-21-generic i686
Architecture: i386
Date: Mon May 3 11:10:38 2010
ExecutablePath: /usr/lib/
InstallationMedia: Ubuntu 9.10 "Karmic Koala" - Release i386 (20091028.5)
ProcEnviron:
PATH=(custom, no user)
LANG=en_US.utf8
SHELL=/bin/bash
SourcePackage: strongswan
Changed in strongswan (Ubuntu): | |
status: | New → Fix Released |
To build strongSwan with debug symbols, do:
# apt-get build-dep strongswan OPTIONS= nostrip debuild
# apt-get install devscripts
# apt-get source strongswan
# cd strongswan-4.3.2
# DEB_BUILD_
after installing it, you can invoke strongswan with
# ipsec start --attach-gdb
to attach the debugger.