Hi Vilhelm, On Wednesday 21 March 2012 03:24 PM, Vilhelm Jutvik wrote: > Hello Gowri, > > this seems to be the same problem (however I cannot confirm that > SIGSEGV is the culprit in my case). >
So, can you check/paste what is happening while ENC parsing IKE_SA_INIT response for SA payload. You can get it from charon.log with strongswan.conf setting as in http://wiki.strongswan.org/issues/184 If you see that, charon restarts just after that, following a error message something like "killing ourself, received critical signal", this confirms the SIGSEGV issue. Thanks, Gowri Shankar > I saw that you hadn't been able to reproduce the error on x86. My > error occurred on x86 while running on virtualized hardware (virtual > box). > > Sincerely, > Vilhelm Jutvik > > 2012/3/21 gowrishankar<gowrishanka...@linux.vnet.ibm.com>: >> Hi Tobias, >> >> >> On Wednesday 21 March 2012 12:44 AM, Vilhelm Jutvik wrote: >>> Dear Tobias, >>> >>> thank you very much. I thought that charon was signalled by the IPsec >>> stack's SPD when a new SA was to be negotiated, not that it itself set >>> the policy. >>> >>> Your solution didn't work right away though. I found that "ipsec >>> start" only started the starter process and nothing more. It was not >>> until I removed the charondebug option of the config section (as seen >>> below) that it started. It works though if you limit the debugging >>> level and / or the number of debugging options. I've reproduced this >>> several times just to be sure. Why is this? >>> >> I have observed the same problem recently and posted a patch in >> issue tracker. Can you please have a check. >> >> http://wiki.strongswan.org/issues/184 >> >> Thanks, >> Gowri Shankar >> >>> The problem line was (in full): >>> charondebug="asn 3,knl 3,mgr 3,ike 3,chd 3,net 3,enc 3" >>> It works if you change it so (e.g.) charondebug="ike 3" >>> >>> My strongswan version is 4.5.2 as included in Ubuntu 11.10 >>> >>> Sincerely, >>> Vilhelm Jutvik >>> MS Thesis Student at SICS >>> >>> 2012/3/13 Tobias Brunner<tob...@strongswan.org>: >>>> Hi Vilhelm, >>>> >>>>> config setup >>>>> crlcheckinterval=180 >>>>> strictcrlpolicy=no >>>>> plutostart=no >>>>> charondebug="asn 4, knl 4,mgr 4,ike 4,chd 4,net 4,enc 4" >>>>> >>>>> conn %default >>>>> auth=esp >>>>> authby=psk >>>>> esp=aes128ctr-aesxcbc! >>>>> ikelifetime=60m >>>>> keylife=20m >>>>> keyingtries=1 >>>>> rekeymargin=3m >>>>> keyexchange=ikev2 >>>>> ike=aes128ctr-aesxcbc-ecp192! >>>>> type=transport >>>> Your config file looks incomplete. You have to specify at least one >>>> conn section (other than %default) with the auto keyword (auto can be >>>> specified in %default, though). Where auto=route might be what you >>>> want, as charon will then install policies in the kernel's SPD and an SA >>>> will automatically be negotiated upon matching traffic. You also need >>>> to specify right and optionally left (the endpoints of the IKE_SA) in >>>> that conn section. If you only want specific traffic to be tunneled use >>>> the left|rightsubnet and left|rightprotoport keywords (see the example >>>> at [1]). >>>> >>>> Also if you want to configure the policies in the kernel yourself make >>>> sure you use a reqid> 0 and then specify reqid=<reqid> and >>>> installpolicy=no in the respective conn section. >>>> >>>> Regards, >>>> Tobias >>>> >>>> [1] http://www.strongswan.org/uml/testresults/ikev2/protoport-route/ >>> _______________________________________________ >>> Users mailing list >>> Users@lists.strongswan.org >>> https://lists.strongswan.org/mailman/listinfo/users >>> >>> > _______________________________________________ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users