Package: openswan
Version: 1:2.2.0-8
Followup-For: Bug #360735
We are trying to create a VPN tunnel with IPSec between two networks. At
one point we have version 2.4.5 and at the other end we have 2.2.0-8
from a pure Debian Sarge distribution.
As I have read from 'bugs.debian.org' the problem is somehow at both
versions of 'openswan'. The fix was released for version 2.4 in Debian,
but not for the version 2.2.
Bellow is the line that I consider to be a start point in fixing the
problem for 2.2 version of openswan for the stable release:
Jun 30 02:47:53 chamisa pluto[1110]: "provo-slc" #2: ASSERTION FAILED at
kernel.c:2037: st->st_esp.keymat_len == (key_len + ei->authkeylen)
I've found this line in the logs every time I'm trying to start the
IPSec connection from the other point. Strange is that this does not
happen when I execute 'auto --up' from the Debian server.
I've added the line 'dumpdir=/tmp' in /etc/ipsec.conf file and from the
core dump I've got this information:
chamisa:~# gdb /usr/lib/ipsec/pluto /tmp/core
GNU gdb 6.3-debian
This GDB was configured as "i386-linux"...(no debugging symbols found)
Using host libthread_db library "/lib/tls/libthread_db.so.1".
(no debugging symbols found)
Core was generated by `/usr/lib/ipsec/pluto --nofork --secretsfile
/etc/ipsec.secrets --ipsecdir /etc/'.
Program terminated with signal 11, Segmentation fault.
warning: current_sos: Can't read pathname for load map: Input/output
error
Reading symbols from /usr/lib/libgmp.so.3...(no debugging symbols
found)...done.
Loaded symbols for /usr/lib/libgmp.so.3
Reading symbols from /lib/tls/libresolv.so.2...(no debugging symbols
found)...done.
Loaded symbols for /lib/tls/libresolv.so.2
Reading symbols from /lib/tls/libc.so.6...(no debugging symbols
found)...done.
Loaded symbols for /lib/tls/libc.so.6
Reading symbols from /lib/ld-linux.so.2...(no debugging symbols
found)...done.
Loaded symbols for /lib/ld-linux.so.2
#0 0x400d533b in strlen ()
from /lib/tls/libc.so.6
I do not know which other tests to run at this time but I'll come back
later with other informations if found.
-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.6.8-3-686
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Versions of packages openswan depends on:
ii bsdmainutils 6.0.17 collection of more utilities from
ii debianutils 2.8.4 Miscellaneous utilities specific t
ii gawk 1:3.1.4-2 GNU awk, a pattern scanning and pr
ii host 20000331-9 utility for querying DNS servers
ii iproute 20041019-3 Professional tools to control the
ii ipsec-tools 1:0.5.2-1sarge1 IPsec tools for Linux
ii libc6 2.3.2.ds1-22sarge3 GNU C Library: Shared libraries an
ii libgmp3 4.1.4-6 Multiprecision arithmetic library
ii libssl0.9.7 0.9.7e-3sarge1 SSL shared libraries
ii makedev 2.3.1-77 creates device files in /dev
ii openssl 0.9.7e-3sarge1 Secure Socket Layer (SSL) binary a
-- debconf information:
openswan/existing_x509_key_filename:
* openswan/x509_state_name: Utah
* openswan/x509_email_address: [EMAIL PROTECTED]
* openswan/x509_country_code: US
* openswan/x509_self_signed: true
* openswan/rsa_key_length: 2048
* openswan/restart: true
* openswan/start_level: earliest
* openswan/enable-oe: false
* openswan/x509_organizational_unit: Technical Dept.
* openswan/x509_locality_name: Provo
* openswan/existing_x509_certificate: false
openswan/existing_x509_certificate_filename:
* openswan/x509_common_name: chamisa.museglobal.com
* openswan/create_rsa_key: true
* openswan/rsa_key_type: x509
* openswan/x509_organization_name: MuseGlobal Inc.
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
