[Swan] ASSERTION FAILED at /root/rpmbuild/BUILD/libreswan-3.18dr3/programs/pluto/kernel.c:2658
Satavee Junwana
satavee at gmail.com
Sat Jul 23 06:29:07 UTC 2016
Hi,
I got error - ASSERTION FAILED at kernel.c:2658, it happened just only in
Phase 2 responding mode (cisco side initiate connection). As log belowed ,
#3 to #6 is working fine while libreswan initiate the Phase 2 . I aslo
found this problem on libreswan 3.15.
-for kernel 3.12.48 - Centos 6
[root at LibreSWAN /]# uname -a
Linux LibreSWAN 3.12.48 #1 SMP Fri Jun 24 08:41:06 ICT 2016 x86_64 x86_64
x86_64 GNU/Linux
-
002 "ppp5_DC172" #1: initiating Main Mode
104 "ppp5_DC172" #1: STATE_MAIN_I1: initiate
Jul 23 12:16:06: "ppp5_DC172" #1: transition from state STATE_MAIN_I1 to
state STATE_MAIN_I2
002 "ppp5_DC172" #1: transition from state STATE_MAIN_I1 to state
STATE_MAIN_I2
Jul 23 12:16:06: "ppp5_DC172" #1: STATE_MAIN_I2: sent MI2, expecting MR2
106 "ppp5_DC172" #1: STATE_MAIN_I2: sent MI2, expecting MR2
Jul 23 12:16:06: "ppp5_DC172" #1: ignoring unknown Vendor ID payload
[f9bee6561ecf2f1e8a6082882b71814d]
003 "ppp5_DC172" #1: ignoring unknown Vendor ID payload
[f9bee6561ecf2f1e8a6082882b71814d]
Jul 23 12:16:06: "ppp5_DC172" #1: sending INITIAL_CONTACT
002 "ppp5_DC172" #1: sending INITIAL_CONTACT
Jul 23 12:16:06: "ppp5_DC172" #1: transition from state STATE_MAIN_I2 to
state STATE_MAIN_I3
002 "ppp5_DC172" #1: transition from state STATE_MAIN_I2 to state
STATE_MAIN_I3
Jul 23 12:16:06: "ppp5_DC172" #1: STATE_MAIN_I3: sent MI3, expecting MR3
108 "ppp5_DC172" #1: STATE_MAIN_I3: sent MI3, expecting MR3
Jul 23 12:16:06: | protocol/port in Phase 1 ID Payload is 17/0. accepted
with port_floating NAT-T
Jul 23 12:16:06: "ppp5_DC172" #1: Main mode peer ID is ID_IPV4_ADDR:
'192.168.80.196'
002 "ppp5_DC172" #1: Main mode peer ID is ID_IPV4_ADDR: '192.168.80.196'
Jul 23 12:16:06: "ppp5_DC172" #1: transition from state STATE_MAIN_I3 to
state STATE_MAIN_I4
002 "ppp5_DC172" #1: transition from state STATE_MAIN_I3 to state
STATE_MAIN_I4
Jul 23 12:16:06: "ppp5_DC172" #1: STATE_MAIN_I4: ISAKMP SA established
{auth=PRESHARED_KEY cipher=oakley_3des_cbc_192 integ=sha group=MODP1024}
004 "ppp5_DC172" #1: STATE_MAIN_I4: ISAKMP SA established
{auth=PRESHARED_KEY cipher=oakley_3des_cbc_192 integ=sha group=MODP1024}
Jul 23 12:16:06: "ppp5_DC172" #2: initiating Quick Mode
PSK+ENCRYPT+TUNNEL+UP+IKEV1_ALLOW+IKEV2_ALLOW+IKEV2_ALLOW_NARROWING+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO
{using isakmp#1 msgid:98c0d7eb proposal=3DES(3)_000-SHA1(2) pfsgroup=no-pfs}
002 "ppp5_DC172" #2: initiating Quick Mode
PSK+ENCRYPT+TUNNEL+UP+IKEV1_ALLOW+IKEV2_ALLOW+IKEV2_ALLOW_NARROWING+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO
{using isakmp#1 msgid:98c0d7eb proposal=3DES(3)_000-SHA1(2) pfsgroup=no-pfs}
117 "ppp5_DC172" #2: STATE_QUICK_I1: initiate
Jul 23 12:16:06: "ppp5_DC172" #2: ignoring informational payload
IPSEC_RESPONDER_LIFETIME, msgid=98c0d7eb, length=28
003 "ppp5_DC172" #2: ignoring informational payload
IPSEC_RESPONDER_LIFETIME, msgid=98c0d7eb, length=28
Jul 23 12:16:06: | ISAKMP Notification Payload
Jul 23 12:16:06: | 00 00 00 1c 00 00 00 01 03 04 60 00
Jul 23 12:16:07: "ppp5_DC172" #2: route-client output:
/usr/libexec/ipsec/_updown.klips: doroute "ip route add 192.168.3.0/24 dev
ipsec5 metric 1 src 192.168.107.1" failed (RTNETLINK answers: File exists)
002 "ppp5_DC172" #2: route-client output: /usr/libexec/ipsec/_updown.klips:
doroute "ip route add 192.168.3.0/24 dev ipsec5 metric 1 src
192.168.107.1" failed (RTNETLINK answers: File exists)
Jul 23 12:16:07: "ppp5_DC172" #2: transition from state STATE_QUICK_I1 to
state STATE_QUICK_I2
002 "ppp5_DC172" #2: transition from state STATE_QUICK_I1 to state
STATE_QUICK_I2
Jul 23 12:16:07: "ppp5_DC172" #2: STATE_QUICK_I2: sent QI2, IPsec SA
established tunnel mode {ESP/NAT=>0x6f19e537 <0x76623a38
xfrm=3DES_0-HMAC_SHA1 NATOA=none NATD=103.255.15.112:4500 DPD=passive}
004 "ppp5_DC172" #2: STATE_QUICK_I2: sent QI2, IPsec SA established tunnel
mode {ESP/NAT=>0x6f19e537 <0x76623a38 xfrm=3DES_0-HMAC_SHA1 NATOA=none NATD=
103.255.15.112:4500 DPD=passive}
Jul 23 12:17:37: "ppp5_DC172" #3: initiating Quick Mode
PSK+ENCRYPT+TUNNEL+UP+IKEV1_ALLOW+IKEV2_ALLOW+IKEV2_ALLOW_NARROWING+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO
to replace #2 {using isakmp#1 msgid:578c1c1b proposal=3DES(3)_000-SHA1(2)
pfsgroup=no-pfs}
Jul 23 12:17:38: "ppp5_DC172" #3: ignoring informational payload
IPSEC_RESPONDER_LIFETIME, msgid=578c1c1b, length=28
Jul 23 12:17:38: | ISAKMP Notification Payload
Jul 23 12:17:38: | 00 00 00 1c 00 00 00 01 03 04 60 00
Jul 23 12:17:38: "ppp5_DC172" #3: transition from state STATE_QUICK_I1 to
state STATE_QUICK_I2
Jul 23 12:17:38: "ppp5_DC172" #3: STATE_QUICK_I2: sent QI2, IPsec SA
established tunnel mode {ESP/NAT=>0x199c47ef <0x76623a39
xfrm=3DES_0-HMAC_SHA1 NATOA=none NATD=103.255.15.112:4500 DPD=passive}
Jul 23 12:17:38: "ppp5_DC172" #1: warning: Delete SA payload:
PROTO_IPSEC_ESP SA(0x76623a38) is our own SPI (bogus implementation) -
deleting anyway
Jul 23 12:17:38: "ppp5_DC172" #1: received Delete SA(0x76623a38) payload:
deleting IPSEC State #2
Jul 23 12:17:38: "ppp5_DC172" #1: deleting state #2 (STATE_QUICK_I2)
Jul 23 12:17:38: "ppp5_DC172" #1: ESP traffic information: in=0B out=0B
Jul 23 12:17:38: "ppp5_DC172" #1: received and ignored empty informational
notification payload
Jul 23 12:18:11: "ppp5_DC172" #4: initiating Quick Mode
PSK+ENCRYPT+TUNNEL+UP+IKEV1_ALLOW+IKEV2_ALLOW+IKEV2_ALLOW_NARROWING+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO
to replace #3 {using isakmp#1 msgid:11f9eab2 proposal=3DES(3)_000-SHA1(2)
pfsgroup=no-pfs}
Jul 23 12:18:11: "ppp5_DC172" #4: ignoring informational payload
IPSEC_RESPONDER_LIFETIME, msgid=11f9eab2, length=28
Jul 23 12:18:11: | ISAKMP Notification Payload
Jul 23 12:18:11: | 00 00 00 1c 00 00 00 01 03 04 60 00
Jul 23 12:18:11: "ppp5_DC172" #4: transition from state STATE_QUICK_I1 to
state STATE_QUICK_I2
Jul 23 12:18:11: "ppp5_DC172" #4: STATE_QUICK_I2: sent QI2, IPsec SA
established tunnel mode {ESP/NAT=>0xf0591878 <0x76623a3a
xfrm=3DES_0-HMAC_SHA1 NATOA=none NATD=103.255.15.112:4500 DPD=passive}
Jul 23 12:18:11: "ppp5_DC172" #1: warning: Delete SA payload:
PROTO_IPSEC_ESP SA(0x76623a39) is our own SPI (bogus implementation) -
deleting anyway
Jul 23 12:18:11: "ppp5_DC172" #1: received Delete SA(0x76623a39) payload:
deleting IPSEC State #3
Jul 23 12:18:11: "ppp5_DC172" #1: deleting state #3 (STATE_QUICK_I2)
Jul 23 12:18:11: "ppp5_DC172" #1: ESP traffic information: in=0B out=0B
Jul 23 12:18:11: "ppp5_DC172" #1: received and ignored empty informational
notification payload
Jul 23 12:18:42: "ppp5_DC172" #5: initiating Quick Mode
PSK+ENCRYPT+TUNNEL+UP+IKEV1_ALLOW+IKEV2_ALLOW+IKEV2_ALLOW_NARROWING+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO
to replace #4 {using isakmp#1 msgid:89c36c02 proposal=3DES(3)_000-SHA1(2)
pfsgroup=no-pfs}
Jul 23 12:18:42: "ppp5_DC172" #5: ignoring informational payload
IPSEC_RESPONDER_LIFETIME, msgid=89c36c02, length=28
Jul 23 12:18:42: | ISAKMP Notification Payload
Jul 23 12:18:42: | 00 00 00 1c 00 00 00 01 03 04 60 00
Jul 23 12:18:42: "ppp5_DC172" #5: transition from state STATE_QUICK_I1 to
state STATE_QUICK_I2
Jul 23 12:18:42: "ppp5_DC172" #5: STATE_QUICK_I2: sent QI2, IPsec SA
established tunnel mode {ESP/NAT=>0x8f573b62 <0x76623a3b
xfrm=3DES_0-HMAC_SHA1 NATOA=none NATD=103.255.15.112:4500 DPD=passive}
Jul 23 12:18:42: "ppp5_DC172" #1: warning: Delete SA payload:
PROTO_IPSEC_ESP SA(0x76623a3a) is our own SPI (bogus implementation) -
deleting anyway
Jul 23 12:18:42: "ppp5_DC172" #1: received Delete SA(0x76623a3a) payload:
deleting IPSEC State #4
Jul 23 12:18:42: "ppp5_DC172" #1: deleting state #4 (STATE_QUICK_I2)
Jul 23 12:18:42: "ppp5_DC172" #1: ESP traffic information: in=0B out=0B
Jul 23 12:18:42: "ppp5_DC172" #1: received and ignored empty informational
notification payload
Jul 23 12:18:56: "ppp5_DC172" #6: initiating Quick Mode
PSK+ENCRYPT+TUNNEL+UP+IKEV1_ALLOW+IKEV2_ALLOW+IKEV2_ALLOW_NARROWING+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO
to replace #5 {using isakmp#1 msgid:be102a01 proposal=3DES(3)_000-SHA1(2)
pfsgroup=no-pfs}
Jul 23 12:18:56: "ppp5_DC172" #6: ignoring informational payload
IPSEC_RESPONDER_LIFETIME, msgid=be102a01, length=28
Jul 23 12:18:56: | ISAKMP Notification Payload
Jul 23 12:18:56: | 00 00 00 1c 00 00 00 01 03 04 60 00
Jul 23 12:18:56: "ppp5_DC172" #6: transition from state STATE_QUICK_I1 to
state STATE_QUICK_I2
Jul 23 12:18:56: "ppp5_DC172" #6: STATE_QUICK_I2: sent QI2, IPsec SA
established tunnel mode {ESP/NAT=>0x0d5aa691 <0x76623a3c
xfrm=3DES_0-HMAC_SHA1 NATOA=none NATD=103.255.15.112:4500 DPD=passive}
Jul 23 12:18:56: "ppp5_DC172" #1: warning: Delete SA payload:
PROTO_IPSEC_ESP SA(0x76623a3c) is our own SPI (bogus implementation) -
deleting anyway
Jul 23 12:18:56: "ppp5_DC172" #1: received Delete SA payload: replace IPSEC
State #6 in 60 seconds
Jul 23 12:18:56: "ppp5_DC172" #1: received and ignored empty informational
notification payload
Jul 23 12:19:26: "ppp5_DC172" #1: the peer proposed: 192.168.107.0/24:0/0
-> 192.168.3.0/24:0/0
Jul 23 12:19:26: "ppp5_DC172" #7: responding to Quick Mode proposal
{msgid:20ba4f38}
Jul 23 12:19:26: "ppp5_DC172" #7: us: 192.168.107.0/24===192.168.99.99
<192.168.99.99>
Jul 23 12:19:26: "ppp5_DC172" #7: them:
103.255.15.112<103.255.15.112>[192.168.80.196]===192.168.3.0/24
Jul 23 12:19:26: "ppp5_DC172" #7: ASSERTION FAILED at
/root/rpmbuild/BUILD/libreswan-3.18dr3/programs/pluto/kernel.c:2658:
c->kind == CK_PERMANENT || c->kind == CK_INSTANCE
Jul 23 12:19:26: "ppp5_DC172" #7: ABORT at
/root/rpmbuild/BUILD/libreswan-3.18dr3/programs/pluto/kernel.c:2658
"ppp5_DC172" #7: ABORT at
/root/rpmbuild/BUILD/libreswan-3.18dr3/programs/pluto/kernel.c:2658
2016-07-23T12:19:26.600823+07:00 LibreSWAN ipsec__plutorun: !pluto
failure!: exited with error status 134 (signal 6)
2016-07-23T12:19:26.604850+07:00 LibreSWAN ipsec__plutorun: restarting
IPsec after pause...
2016-07-23T12:19:37.262275+07:00 LibreSWAN kernel:
2016-07-23T12:19:37.968235+07:00 LibreSWAN kernel:
2016-07-23T12:19:38.102316+07:00 LibreSWAN ipsec__plutorun: Starting Pluto
Jul 23 12:19:38: NSS DB directory: sql:/etc/ipsec.d
Jul 23 12:19:38: Initializing NSS
Best Regards,
Satavee
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.libreswan.org/pipermail/swan/attachments/20160723/120965cb/attachment-0001.html>
More information about the Swan
mailing list