[Swan] libreswan 3.21 error?

Paul Wouters paul at nohats.ca
Wed Sep 27 14:14:01 UTC 2017


On Wed, 27 Sep 2017, Charles Van Dusen wrote:

> The install was at 3.21 from scratch - not an upgrade.

ahh, then maybe it did not initially do a dns lookup, and only later
did.

> I also figured out how to get the current version of libunbound, shown below:

See git commit 6c68033a1080

It seems some debiab/ubuntu installs compiled libunbound without
libevent support, so those packages need a recompile.

Or you can recompile libreswan without USE_DNSSEC.

Paul


> root at rpiNC:~# apt list | grep unbound
>
> libunbound-dev/stable,now 1.6.0-3 armhf [installed]
> libunbound2/stable,now 1.6.0-3 armhf [installed,automatic]
> python-unbound/stable 1.6.0-3 armhf
> python3-unbound/stable 1.6.0-3 armhf
> unbound/stable 1.6.0-3 armhf
> unbound-anchor/stable 1.6.0-3 armhf
> unbound-host/stable 1.6.0-3 armhf
>
> So Im still at a loss to explain. FWIW it seems stable at present. Should I suspect the VPN server end?
>
> Charlie
>
> -----Original Message-----
> From: Paul Wouters [mailto:paul at nohats.ca]
> Sent: Wednesday, September 27, 2017 12:10 AM
> To: Charles Van Dusen <charlie at imdgn.com>
> Cc: swan at lists.libreswan.org
> Subject: Re: [Swan] libreswan 3.21 error?
>
> On Sun, 24 Sep 2017, Charles Van Dusen wrote:
>
>> I recently moved to libreswan 3.21 on a new machine and transferred my configuration files from a 3.18 machine to the new machine.
>> All appeared to be working normally.
>
>> Sep 24 11:08:05 rpiNC pluto[8381]: ABORT: ASSERTION FAILED: dns_ctx !=
>> NULL (in unbound_event_init() at unbound.c:188)
>>
>> Sep 24 11:08:05 rpiNC pluto[8381]: ABORT: ASSERTION FAILED: dns_ctx !=
>> NULL (in unbound_event_init() at unbound.c:188)
>
> Your libunbound is too old. Please upgrade to at least 1.5.x or recompile libreswan with USE_DNSSEC=false
>
>> Nothing has changed on this machine, or on the machine to which it is trying to connect.
>
> My guess is you might have upgraded libreswan but it was never restarted properly before this happened.
>
> Paul
>


More information about the Swan mailing list