Package: openswan Version: 1:2.2.0-8 Followup-For: Bug #360735
We are trying to create a VPN tunnel with IPSec between two networks. At one point we have version 2.4.5 and at the other end we have 2.2.0-8 from a pure Debian Sarge distribution. As I have read from 'bugs.debian.org' the problem is somehow at both versions of 'openswan'. The fix was released for version 2.4 in Debian, but not for the version 2.2. Bellow is the line that I consider to be a start point in fixing the problem for 2.2 version of openswan for the stable release: Jun 30 02:47:53 chamisa pluto[1110]: "provo-slc" #2: ASSERTION FAILED at kernel.c:2037: st->st_esp.keymat_len == (key_len + ei->authkeylen) I've found this line in the logs every time I'm trying to start the IPSec connection from the other point. Strange is that this does not happen when I execute 'auto --up' from the Debian server. I've added the line 'dumpdir=/tmp' in /etc/ipsec.conf file and from the core dump I've got this information: chamisa:~# gdb /usr/lib/ipsec/pluto /tmp/core GNU gdb 6.3-debian This GDB was configured as "i386-linux"...(no debugging symbols found) Using host libthread_db library "/lib/tls/libthread_db.so.1". (no debugging symbols found) Core was generated by `/usr/lib/ipsec/pluto --nofork --secretsfile /etc/ipsec.secrets --ipsecdir /etc/'. Program terminated with signal 11, Segmentation fault. warning: current_sos: Can't read pathname for load map: Input/output error Reading symbols from /usr/lib/libgmp.so.3...(no debugging symbols found)...done. Loaded symbols for /usr/lib/libgmp.so.3 Reading symbols from /lib/tls/libresolv.so.2...(no debugging symbols found)...done. Loaded symbols for /lib/tls/libresolv.so.2 Reading symbols from /lib/tls/libc.so.6...(no debugging symbols found)...done. Loaded symbols for /lib/tls/libc.so.6 Reading symbols from /lib/ld-linux.so.2...(no debugging symbols found)...done. Loaded symbols for /lib/ld-linux.so.2 #0 0x400d533b in strlen () from /lib/tls/libc.so.6 I do not know which other tests to run at this time but I'll come back later with other informations if found. -- System Information: Debian Release: 3.1 Architecture: i386 (i686) Kernel: Linux 2.6.8-3-686 Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Versions of packages openswan depends on: ii bsdmainutils 6.0.17 collection of more utilities from ii debianutils 2.8.4 Miscellaneous utilities specific t ii gawk 1:3.1.4-2 GNU awk, a pattern scanning and pr ii host 20000331-9 utility for querying DNS servers ii iproute 20041019-3 Professional tools to control the ii ipsec-tools 1:0.5.2-1sarge1 IPsec tools for Linux ii libc6 2.3.2.ds1-22sarge3 GNU C Library: Shared libraries an ii libgmp3 4.1.4-6 Multiprecision arithmetic library ii libssl0.9.7 0.9.7e-3sarge1 SSL shared libraries ii makedev 2.3.1-77 creates device files in /dev ii openssl 0.9.7e-3sarge1 Secure Socket Layer (SSL) binary a -- debconf information: openswan/existing_x509_key_filename: * openswan/x509_state_name: Utah * openswan/x509_email_address: [EMAIL PROTECTED] * openswan/x509_country_code: US * openswan/x509_self_signed: true * openswan/rsa_key_length: 2048 * openswan/restart: true * openswan/start_level: earliest * openswan/enable-oe: false * openswan/x509_organizational_unit: Technical Dept. * openswan/x509_locality_name: Provo * openswan/existing_x509_certificate: false openswan/existing_x509_certificate_filename: * openswan/x509_common_name: chamisa.museglobal.com * openswan/create_rsa_key: true * openswan/rsa_key_type: x509 * openswan/x509_organization_name: MuseGlobal Inc. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]