[Swan-dev] pluto: Fix nat_traversal assertion failure in main_inI1_outR1
Herbert Xu
herbert at gondor.apana.org.au
Tue May 12 06:44:26 EEST 2015
On Mon, May 11, 2015 at 12:19:56PM -0400, Paul Wouters wrote:
>
> which side did not support NAT-T? I assume netkey was used with
> libreswan. Was the kernel >= 2.6.22 ? I'll do a test with openswan
> with nat_traversal=no (libreswan no longer supports 'no' and only
> disables nat-t when the kernel does not support it)
Both sides support NAT-T. Weird, I also can't see how this can
crash but it really did, multiple times, and stopped after the
patch:
pluto[7485]: packet from 116.233.49.207:500: ignoring Vendor ID payload [Openswan(project)]
pluto[7485]: packet from 116.233.49.207:500: received Vendor ID payload [Dead Peer Detection]
pluto[7485]: packet from 116.233.49.207:500: received Vendor ID payload [RFC 3947]
pluto[7485]: packet from 116.233.49.207:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]
pluto[7485]: packet from 116.233.49.207:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
pluto[7485]: packet from 116.233.49.207:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02]
pluto[7485]: packet from 116.233.49.207:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
pluto[7485]: "ithilien"[1] 116.233.49.207 #1: enabling possible NAT-traversal with method RFC 3947 (NAT-Traversal)
pluto[7485]: "ithilien"[1] 116.233.49.207 #1: responding to Main Mode from unknown peer 116.233.49.207
pluto[7485]: "ithilien"[1] 116.233.49.207 #1: ASSERTION FAILED at /home/gondost/herbert/src/git/libreswan-work/programs/pluto/ikev1_main.c:881: numvidtosend == 0
pluto[7485]: "ithilien"[1] 116.233.49.207 #1: ABORT at /home/gondost/herbert/src/git/libreswan-work/programs/pluto/ikev1_main.c:881
pluto[7485]: "ithilien"[1] 116.233.49.207 #1: ABORT at /home/gondost/herbert/src/git/libreswan-work/programs/pluto/ikev1_main.c:881
ipsec__plutorun: !pluto failure!: exited with error status 134 (signal 6)
Cheers,
--
Email: Herbert Xu <herbert at gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
More information about the Swan-dev
mailing list