[Swan] libreswan 3.17 NAT-T fails in phase2

Paul Wouters paul at nohats.ca
Sat Jul 2 12:19:37 UTC 2016


On Thu, 23 Jun 2016, Ge Xu wrote:

> Do you have any idea about what is wrong with the phase2 according to the logs?
>
> The machines at both sides have the same kernel. I don't understand why the status on one side is active, but on the NAT side is not.

It looks like you configured leftupdown=/var/run/updown.klips which
tries to run /usr/local/libexec/ipsec/_updown.klips which does not
exist? I think that failure is causing the passert() crash later on?

> Jun 15 03:34:13: "vpn-0" #2: up-client output: /var/run/updown.klips: 12: exec: /usr/local/libexec/ipsec/_updown.klips: not found
> Jun 15 03:34:13: "vpn-0" #2: up-client command exited with status 127
> Jun 15 03:34:13: | route_and_eroute: firewall_notified: false
> Jun 15 03:34:13: "vpn-0" #2: ASSERTION FAILED at /home/htsai/src/libreswan/programs/pluto/kernel.c:3038: esr != NULL
> Jun 15 03:34:13: "vpn-0" #2: ABORT at /home/htsai/src/libreswan/programs/pluto/kernel.c:3038
> "vpn-0" #2: ABORT at /home/htsai/src/libreswan/programs/pluto/kernel.c:3038
> Jun 15 03:34:13: NSS DB directory: sql:/etc/ipsec.d
> Jun 15 03:34:14: NSS initialized
> Jun 15 03:34:14: libcap-ng support [disabled]

Paul
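
As an added example (not part of the original message and not libreswan code): a small Python triage that scans pluto log lines for a non-zero updown exit status and reports whether an ASSERTION FAILED follows for the same connection and state. The sample input is constructed from the log lines quoted above; the function name `triage` and the regexes are assumptions about this log format, and the script only correlates the two events without establishing cause.

```python
import re

# Constructed sample: pluto log lines as quoted in the message above.
SAMPLE_LOG = """\
Jun 15 03:34:13: "vpn-0" #2: up-client output: /var/run/updown.klips: 12: exec: /usr/local/libexec/ipsec/_updown.klips: not found
Jun 15 03:34:13: "vpn-0" #2: up-client command exited with status 127
Jun 15 03:34:13: | route_and_eroute: firewall_notified: false
Jun 15 03:34:13: "vpn-0" #2: ASSERTION FAILED at /home/htsai/src/libreswan/programs/pluto/kernel.c:3038: esr != NULL
Jun 15 03:34:13: NSS DB directory: sql:/etc/ipsec.d
"""

# Assumed line shape: [timestamp] "conn" #state: message
LINE = re.compile(r'"(?P<conn>[^"]+)" #(?P<state>\d+): (?P<msg>.*)$')
OUTPUT = re.compile(r'(?P<verb>[\w-]+) output: (?P<text>.*)')
EXITED = re.compile(r'(?P<verb>[\w-]+) command exited with status (?P<rc>\d+)')


def triage(log_text):
    """Return one finding per failed updown run, keyed by (conn, state)."""
    findings = {}
    last_output = {}  # most recent updown output line per (conn, state)
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # debug ("|") and global lines carry no conn/state prefix
        key = (m["conn"], int(m["state"]))
        msg = m["msg"]
        if (o := OUTPUT.match(msg)):
            last_output[key] = o["text"]
        elif (e := EXITED.match(msg)) and int(e["rc"]) != 0:
            rc = int(e["rc"])
            findings[key] = {
                "verb": e["verb"],
                "status": rc,
                # 127 is the shell's exit status for "command not found"
                "command_not_found": rc == 127,
                "output": last_output.get(key),
                "assertion": None,
            }
        elif msg.startswith("ASSERTION FAILED") and key in findings:
            # Same conn/state asserted after a failed updown run
            findings[key]["assertion"] = msg
    return findings


if __name__ == "__main__":
    for (conn, state), f in triage(SAMPLE_LOG).items():
        print(conn, state, f)
```
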

