[Swan] Pluto core observered on openswan-2.6.32-37.el6.x86_64
Madhan Raj
madhanrajrm at gmail.com
Sun May 19 12:43:26 UTC 2019
Hi All,
This is my /etc/ipsec.conf file.
[root at msd policy]#
* cat /etc/ipsec.conf*
# Openswan IKE daemon configuration file
#
# Generated during Platform Install
#
# We will place user config files in /etc/ipsec.d/conf ending in .conf
version 2.0 # conforms to second version of ipsec.conf specification
# basic configuration
config setup
# For Red Hat Enterprise Linux, leave protostack=netkey
protostack=netkey
# plutodebug=crypt control controlmore pfkey dpd
plutodebug=all
klipsdebug=all
nat_traversal=yes
virtual_private=
oe=off
# Enable this if you see failed to find any available worker
nhelpers=0
plutorestartoncrash=yes
# NSS DB Storage
plutoopts="--ipsecdir /usr/local/platform/.security/ipsec"
# Pluto core file if it cores...
dumpdir=/var/log/active/core
# For redirecting pluto logs, use plutostderrlog=directory of our
choice
conn block
auto=ignore
conn private
auto=ignore
conn private-or-clear
auto=ignore
conn clear-or-private
auto=ignore
conn clear
auto=ignore
conn packetdefault
auto=ignore
# Place all our user configurations (.conf) files below
#include /etc/ipsec.d/conf/*.conf
include /etc/ipsec.d/conf/1015323275.conf
and the corresponding conf file */etc/ipsec.d/conf/1015323275.conf file :-*
[root at msd policy]# cat /etc/ipsec.d/conf/1015323275.conf
conn 1015323275_x509
left=10.76.214.247
leftcert=ipsec-db
leftrsasigkey=%cert
leftprotoport=tcp/0
leftid="C=IN, O=i, OU=ind, CN=msd, ST=TN, L=ipsec"
right=10.78.171.146
rightcert=ucbu-aricent-vm31.cisco.com
rightrsasigkey=%cert
rightprotoport=tcp/0
rightid=""
type=transport
auth=esp
authby=rsasig
keyexchange=ike
keyingtries=%forever
rekey=yes
ike=aes256-sha2_256-modp1024
esp=aes256-sha2_256
ikelifetime=3600s
salifetime=3600s
pfs=no
auto=start
*Core Backtrace :- *
Loaded symbols for /usr/lib64/libfreeblpriv3.so
Reading symbols from /usr/lib64/libnssdbm3.so...(no debugging symbols
found)...done.
Loaded symbols for /usr/lib64/libnssdbm3.so
Core was generated by `/usr/libexec/ipsec/pluto --nofork --secretsfile
/etc/ipsec.secrets --ipsecdir /'.
Program terminated with signal 6, Aborted.
#0 0x00007fe93cde8495 in raise () from /lib64/libc.so.6
*(gdb) bt*
#0 0x00007fe93cde8495 in raise () from /lib64/libc.so.6
#1 0x00007fe93cde9c75 in abort () from /lib64/libc.so.6
#2 0x00007fe93eca58f1 in ?? ()
*#3 0x00007fe93eca5944 in passert_fail ()*
#4 0x00007fe93eca938f in ?? ()
#5 0x00007fe93ec9aa2b in ?? ()
#6 0x00007fe93ec9aacf in ?? ()
#7 0x00007fe93ec9ae9a in ?? ()
#8 0x00007fe93eca9bc8 in ?? ()
#9 0x00007fe93ecdde3a in ?? ()
#10 0x00007fe93ecacd5f in ?? ()
#11 0x00007fe93ecaab7c in main ()
(gdb)
ipsec startup command outputs:-
[root at msd policy]#* ipsec auto --add 1015323275_x509*
[root at msd policy]# *ipsec auto --up 1015323275_x509*
117 "1015323275_x509" #5051: STATE_QUICK_I1: initiate
004 "1015323275_x509" #5051: STATE_QUICK_I2: sent QI2, *IPsec SA
established transport mode {*ESP=>0x52b4320a <0x4d1320b1
xfrm=AES_256-HMAC_SHA2_256 NATOA=none NATD=none DPD=none}
[root at msd policy]#
Pluto cores after connection gets established for few minutes or hours.
NOTE: openswan is in FIPS mode.
Am I missing something here ??
Thanks,
Madhan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.libreswan.org/pipermail/swan/attachments/20190519/9cee86f6/attachment.html>
More information about the Swan
mailing list