[strongSwan-dev] strongSwan 5.2.0 FreeBSD 10.0 crashes

Francois ten Krooden ftk at Nanoteq.com
Tue Jul 22 19:45:24 CEST 2014 

Hi

I tested strongSwan 5.2.0 on FreeBSD 10 and during some of the tests I receive the following errors.

ipsec up net-net
initiating IKE_SA net-net[1] to 192.168.0.2
generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
sending packet: from 192.168.0.1[500] to 192.168.0.2[500] (676 bytes)
received packet: from 192.168.0.2[500] to 192.168.0.1[500] (440 bytes)
parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(MULT_AUTH) ]
authentication of 'moon.strongswan.org' (myself) with RSA signature successful
establishing CHILD_SA net-net
generating IKE_AUTH request 1 [ IDi N(INIT_CONTACT) IDr AUTH N(ESP_TFC_PAD_N) SA TSi TSr N(MOBIKE_SUP) N(ADD_4_ADDR) N(ADD_6_ADDR) N(ADD_6_ADDR) N(MULT_AUTH) N(EAP_ONLY) ]
sending packet: from 192.168.0.1[4500] to 192.168.0.2[4500] (716 bytes)
received packet: from 192.168.0.2[4500] to 192.168.0.1[4500] (540 bytes)
parsed IKE_AUTH response 1 [ IDr AUTH N(ESP_TFC_PAD_N) SA TSi TSr N(AUTH_LFT) N(MOBIKE_SUP) N(ADD_4_ADDR) N(ADD_6_ADDR) N(ADD_6_ADDR) ]
  using trusted certificate "sun.strongswan.org"
authentication of 'sun.strongswan.org' with RSA signature successful
IKE_SA net-net[1] established between 192.168.0.1[moon.strongswan.org]...192.168.0.2[sun.strongswan.org]
scheduling reauthentication in 3389s
maximum IKE_SA lifetime 3569s
received ESP_TFC_PADDING_NOT_SUPPORTED, not using ESPv3 TFC padding
thread 16 received 11
 dumping 2 stack frame addresses:
  /lib/libthr.so.3 @ 0x801112000 (_swapcontext+0x15b) [0x80112040b]
    -> ??:0
  /lib/libthr.so.3 @ 0x801112000 (sigaction+0x343) [0x80111fff3]
    -> ??:0
killing ourself, received critical signal

Most of the other tests execute successfully.

daemon.log file
Jul 13 13:07:42 moon charon: 00[DMN] Starting IKE charon daemon (strongSwan 5.2.0, FreeBSD 10.0-RELEASE, amd64)
Jul 13 13:07:42 moon charon: 00[KNL] unable to set UDP_ENCAP: Invalid argument
Jul 13 13:07:42 moon charon: 00[NET] enabling UDP decapsulation for IPv6 on port 4500 failed
Jul 13 13:07:42 moon charon: 00[CFG] loading ca certificates from '/usr/local/etc/ipsec.d/cacerts'
Jul 13 13:07:42 moon charon: 00[CFG] loading aa certificates from '/usr/local/etc/ipsec.d/aacerts'
Jul 13 13:07:42 moon charon: 00[CFG] loading ocsp signer certificates from '/usr/local/etc/ipsec.d/ocspcerts'
Jul 13 13:07:42 moon charon: 00[CFG] loading attribute certificates from '/usr/local/etc/ipsec.d/acerts'
Jul 13 13:07:42 moon charon: 00[CFG] loading crls from '/usr/local/etc/ipsec.d/crls'
Jul 13 13:07:42 moon charon: 00[CFG] loading secrets from '/usr/local/etc/ipsec.secrets'
Jul 13 13:07:42 moon charon: 00[CFG]   loaded RSA private key from '/usr/local/etc/ipsec.d/private/moonKey.der'
Jul 13 13:07:42 moon charon: 00[LIB] loaded plugins: charon sha1 sha2 md5 aes des hmac gmp dnskey pem pkcs1 pubkey random nonce curl kernel-pfkey kernel-pfroute socket-default stroke updown
Jul 13 13:07:42 moon charon: 00[JOB] spawning 16 worker threads
Jul 13 13:07:42 moon charon: 16[CFG] received stroke: add connection 'net-net'
Jul 13 13:07:42 moon charon: 16[CFG]   loaded RSA public key for "moon.strongswan.org"
Jul 13 13:07:42 moon charon: 16[CFG]   loaded RSA public key for "sun.strongswan.org"
Jul 13 13:07:42 moon charon: 16[CFG] added configuration 'net-net'
Jul 13 13:07:44 moon charon: 15[CFG] received stroke: initiate 'net-net'
Jul 13 13:07:44 moon charon: 16[IKE] initiating IKE_SA net-net[1] to 192.168.0.2
Jul 13 13:07:44 moon charon: 16[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
Jul 13 13:07:44 moon charon: 16[NET] sending packet: from 192.168.0.1[500] to 192.168.0.2[500] (676 bytes)
Jul 13 13:07:44 moon charon: 16[NET] received packet: from 192.168.0.2[500] to 192.168.0.1[500] (440 bytes)
Jul 13 13:07:44 moon charon: 16[ENC] parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(MULT_AUTH) ]
Jul 13 13:07:44 moon charon: 16[IKE] authentication of 'moon.strongswan.org' (myself) with RSA signature successful
Jul 13 13:07:44 moon charon: 16[IKE] establishing CHILD_SA net-net
Jul 13 13:07:44 moon charon: 16[ENC] generating IKE_AUTH request 1 [ IDi N(INIT_CONTACT) IDr AUTH N(ESP_TFC_PAD_N) SA TSi TSr N(MOBIKE_SUP) N(ADD_4_ADDR) N(ADD_6_ADDR) N(ADD_6_ADDR) N(MULT_AUTH) N(EAP_ONLY) ]
Jul 13 13:07:44 moon charon: 16[NET] sending packet: from 192.168.0.1[4500] to 192.168.0.2[4500] (716 bytes)
Jul 13 13:07:45 moon charon: 16[NET] received packet: from 192.168.0.2[4500] to 192.168.0.1[4500] (540 bytes)
Jul 13 13:07:45 moon charon: 16[ENC] parsed IKE_AUTH response 1 [ IDr AUTH N(ESP_TFC_PAD_N) SA TSi TSr N(AUTH_LFT) N(MOBIKE_SUP) N(ADD_4_ADDR) N(ADD_6_ADDR) N(ADD_6_ADDR) ]
Jul 13 13:07:45 moon charon: 16[CFG]   using trusted certificate "sun.strongswan.org"
Jul 13 13:07:45 moon charon: 16[IKE] authentication of 'sun.strongswan.org' with RSA signature successful
Jul 13 13:07:45 moon charon: 16[IKE] IKE_SA net-net[1] established between 192.168.0.1[moon.strongswan.org]...192.168.0.2[sun.strongswan.org]
Jul 13 13:07:45 moon charon: 16[IKE] scheduling reauthentication in 3389s
Jul 13 13:07:45 moon charon: 16[IKE] maximum IKE_SA lifetime 3569s
Jul 13 13:07:45 moon charon: 16[IKE] received ESP_TFC_PADDING_NOT_SUPPORTED, not using ESPv3 TFC padding
Jul 13 13:07:46 moon charon: 16[DMN] thread 16 received 11
Jul 13 13:07:46 moon charon: 16[LIB]  dumping 2 stack frame addresses:
Jul 13 13:07:46 moon charon: 16[LIB]   /lib/libthr.so.3 @ 0x801112000 (_swapcontext+0x15b) [0x80112040b]
Jul 13 13:07:46 moon charon: 16[LIB]     -> ??:0
Jul 13 13:07:46 moon charon: 16[LIB]   /lib/libthr.so.3 @ 0x801112000 (sigaction+0x343) [0x80111fff3]
Jul 13 13:07:46 moon charon: 16[LIB]     -> ??:0
Jul 13 13:07:46 moon charon: 16[DMN] killing ourself, received critical signal
Jul 13 13:07:52 moon charon: 00[DMN] Starting IKE charon daemon (strongSwan 5.2.0, FreeBSD 10.0-RELEASE, amd64)
Jul 13 13:07:52 moon charon: 00[KNL] unable to set UDP_ENCAP: Invalid argument
Jul 13 13:07:52 moon charon: 00[NET] enabling UDP decapsulation for IPv6 on port 4500 failed
Jul 13 13:07:52 moon charon: 00[CFG] loading ca certificates from '/usr/local/etc/ipsec.d/cacerts'
Jul 13 13:07:52 moon charon: 00[CFG] loading aa certificates from '/usr/local/etc/ipsec.d/aacerts'
Jul 13 13:07:52 moon charon: 00[CFG] loading ocsp signer certificates from '/usr/local/etc/ipsec.d/ocspcerts'
Jul 13 13:07:52 moon charon: 00[CFG] loading attribute certificates from '/usr/local/etc/ipsec.d/acerts'
Jul 13 13:07:52 moon charon: 00[CFG] loading crls from '/usr/local/etc/ipsec.d/crls'
Jul 13 13:07:52 moon charon: 00[CFG] loading secrets from '/usr/local/etc/ipsec.secrets'
Jul 13 13:07:52 moon charon: 00[CFG]   loaded RSA private key from '/usr/local/etc/ipsec.d/private/moonKey.der'
Jul 13 13:07:52 moon charon: 00[LIB] loaded plugins: charon sha1 sha2 md5 aes des hmac gmp dnskey pem pkcs1 pubkey random nonce curl kernel-pfkey kernel-pfroute socket-default stroke updown
Jul 13 13:07:52 moon charon: 00[LIB] unable to load 13 plugin features (13 due to unmet dependencies)
Jul 13 13:07:52 moon charon: 00[JOB] spawning 16 worker threads
Jul 13 13:07:52 moon charon: 16[CFG] received stroke: add connection 'net-net'
Jul 13 13:07:52 moon charon: 16[CFG]   loaded RSA public key for "moon.strongswan.org"
Jul 13 13:07:52 moon charon: 16[CFG]   loaded RSA public key for "sun.strongswan.org"
Jul 13 13:07:52 moon charon: 16[CFG] added configuration 'net-net'
Jul 13 13:08:04 moon charon: 00[DMN] signal of type SIGINT received. Shutting down

Important Notice:

This e-mail and its contents are subject to the Nanoteq (Pty) Ltd e-mail legal notice available at:
http://www.nanoteq.com/AboutUs/EmailDisclaimer.aspx

More information about the Dev mailing list