Hello Gowri, this seems to be the same problem (however I cannot confirm that SIGSEGV is the culprit in my case).
I saw that you hadn't been able to reproduce the error on x86. My error occurred on x86 while running on virtualized hardware (virtual box). Sincerely, Vilhelm Jutvik 2012/3/21 gowrishankar <gowrishanka...@linux.vnet.ibm.com>: > Hi Tobias, > > > On Wednesday 21 March 2012 12:44 AM, Vilhelm Jutvik wrote: >> >> Dear Tobias, >> >> thank you very much. I thought that charon was signalled by the IPsec >> stack's SPD when a new SA was to be negotiated, not that it itself set >> the policy. >> >> Your solution didn't work right away though. I found that "ipsec >> start" only started the starter process and nothing more. It was not >> until I removed the charondebug option of the config section (as seen >> below) that it started. It works though if you limit the debugging >> level and / or the number of debugging options. I've reproduced this >> several times just to be sure. Why is this? >> > I have observed the same problem recently and posted a patch in > issue tracker. Can you please have a check. > > http://wiki.strongswan.org/issues/184 > > Thanks, > Gowri Shankar > >> The problem line was (in full): >> charondebug="asn 3,knl 3,mgr 3,ike 3,chd 3,net 3,enc 3" >> It works if you change it so (e.g.) charondebug="ike 3" >> >> My strongswan version is 4.5.2 as included in Ubuntu 11.10 >> >> Sincerely, >> Vilhelm Jutvik >> MS Thesis Student at SICS >> >> 2012/3/13 Tobias Brunner<tob...@strongswan.org>: >>> >>> Hi Vilhelm, >>> >>>> config setup >>>> crlcheckinterval=180 >>>> strictcrlpolicy=no >>>> plutostart=no >>>> charondebug="asn 4, knl 4,mgr 4,ike 4,chd 4,net 4,enc 4" >>>> >>>> conn %default >>>> auth=esp >>>> authby=psk >>>> esp=aes128ctr-aesxcbc! >>>> ikelifetime=60m >>>> keylife=20m >>>> keyingtries=1 >>>> rekeymargin=3m >>>> keyexchange=ikev2 >>>> ike=aes128ctr-aesxcbc-ecp192! >>>> type=transport >>> >>> Your config file looks incomplete. You have to specify at least one >>> conn section (other than %default) with the auto keyword (auto can be >>> specified in %default, though). Where auto=route might be what you >>> want, as charon will then install policies in the kernel's SPD and an SA >>> will automatically be negotiated upon matching traffic. You also need >>> to specify right and optionally left (the endpoints of the IKE_SA) in >>> that conn section. If you only want specific traffic to be tunneled use >>> the left|rightsubnet and left|rightprotoport keywords (see the example >>> at [1]). >>> >>> Also if you want to configure the policies in the kernel yourself make >>> sure you use a reqid> 0 and then specify reqid=<reqid> and >>> installpolicy=no in the respective conn section. >>> >>> Regards, >>> Tobias >>> >>> [1] http://www.strongswan.org/uml/testresults/ikev2/protoport-route/ >> >> _______________________________________________ >> Users mailing list >> Users@lists.strongswan.org >> https://lists.strongswan.org/mailman/listinfo/users >> >> > _______________________________________________ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users