[strongSwan] OpenWRT and IKEv2
Gabriel VLASIU
gabriel at vlasiu.net
Mon Apr 19 17:17:56 CEST 2010
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi all!
Maybe someone can help me.
I have a small router with openwrt. Pluto works fine. No problems at all
(well, sometimes a nat connection is lost but is not really an issue).
But charon does not run at all. It's somehow... stuck.
**** charon started manually:
# /usr/lib/ipsec/charon
00[DMN] Starting IKEv2 charon daemon (strongSwan 4.3.6)
00[NET] unable to create raw socket: Address family not supported by protocol
00[NET] could not open IPv6 receive socket, IPv6 disabled
00[KNL] listening on interfaces:
00[KNL] eth0
00[KNL] eth1
00[KNL] br-lan
00[KNL] 192.168.1.1
00[KNL] wlan0
00[KNL] mon.wlan0
00[KNL] ppp0
00[KNL] 79.114.91.63
00[KNL] received netlink error: Address family not supported by protocol (124)
00[KNL] unable to create IPv6 routing table rule
00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'
00[CFG] loaded ca certificate "C=X, ST=X, L=X, O=X, CN=X, E=X" from '/etc/ipsec.d/cacerts/caCert.der'
00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'
00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'
00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'
00[CFG] loading crls from '/etc/ipsec.d/crls'
00[CFG] loaded crl from '/etc/ipsec.d/crls/crl.pem'
00[CFG] loading secrets from '/etc/ipsec.secrets'
00[CFG] loading secrets from '/etc/ipsec.d/XXXX.secrets'
00[CFG] loaded RSA private key from '/etc/ipsec.d/private/XXXX.der'
00[DMN] loaded plugins: aes des sha1 sha2 md5 fips-prf random x509 pubkey pkcs1 pgp dnskey pem xcbc hmac gmp kernel-netlink stroke updown attr resolve
00[JOB] spawning 1 worker threads
Here is stuck. I can only stop the process via ctrl-c.
**** Running vi strace:
strace -f -ff /usr/lib/ipsec/charon
....
write(1, "00[JOB] spawning 1 worker thread"..., 3400[JOB] spawning 1 worker threads) = 34
rt_sigaction(SIGPIPE, {SIG_DFL, [], SA_STACK|SA_INTERRUPT|SA_SIGINFO|0x2b8e4f0}, {SIG_DFL, [RT_67 RT_68 RT_70 RT_71 RT_73 RT_74 RT_75 RT_76 RT_78 RT_79 RT_81 RT_82 RT_85 RT_86 RT_87 RT_89 RT_91 RT_94], SA_NOCLDSTOP}, 16) = 0
time([1271690002]) = 1271690002
open("/etc/TZ", O_RDONLY) = 14
read(14, "EET-2EEST,M3.5.0/3,M10.5.0/4\n", 68) = 29
read(14, "", 39) = 0
close(14) = 0
write(3, "<30>Apr 19 18:13:22 syslog: 00[J"..., 63) = 63
rt_sigaction(SIGPIPE, {SIG_DFL, [RT_67 RT_68 RT_70 RT_71 RT_73 RT_74 RT_75 RT_76 RT_78 RT_79 RT_81 RT_82 RT_85 RT_86 RT_87 RT_89 RT_91 RT_94], SA_NOCLDSTOP}, NULL, 16) = 0
brk(0x463000) = 0x463000
pipe([1701650552, 1667392288]) = 14
clone(Process 1577 attached
child_stack=0x462d78, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND) = 1577
[pid 1574] write(15, "\177\344R\260\0\0\0\5 kernel-netlink stroke u"..., 148) = 148
[pid 1574] rt_sigprocmask(SIG_SETMASK, NULL, [HUP INT TERM RT_0], 16) = 0
[pid 1574] write(15, "*\263\220@\0\0\0\0\0\0\0\0*\255\0\250\0E\362\0\200\0@\3\0\0\0\0\0\0\0\0"..., 148) = 148
[pid 1574] rt_sigprocmask(SIG_SETMASK, NULL, [HUP INT TERM RT_0], 16) = 0
[pid 1574] rt_sigsuspend([HUP INT TERM] <unfinished ...>
[pid 1577] rt_sigprocmask(SIG_SETMASK, ~[TRAP RT_1], NULL, 16) = 0
[pid 1577] read(14, "\177\344R\260\0\0\0\5 kernel-netlink stroke u"..., 148) = 148
[pid 1577] poll([{fd=14, events=POLLIN}], 1, 2000) = 1 ([{fd=14, revents=POLLIN}])
[pid 1577] getppid() = 1574
[pid 1577] read(14, "*\263\220@\0\0\0\0\0\0\0\0*\255\0\250\0E\362\0\200\0@\3\0\0\0\0\0\0\0\0"..., 148) = 148
[pid 1577] old_mmap(0x7f7fc000, 16384, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS|MAP_GROWSDOWN, -1, 0) = 0x7f7fc000
[pid 1577] clone(Process 1578 attached
child_stack=0x7f7ffe00, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|SIGRT_1) = 1578
[pid 1577] kill(1574, SIGRT_0 <unfinished ...>
[pid 1578] getpid( <unfinished ...>
[pid 1577] <... kill resumed> ) = 0
[pid 1574] <... rt_sigsuspend resumed> ) = ? ERESTARTNOHAND (To be restarted)
[pid 1574] --- SIGRT_0 (Unknown signal 32) @ 0 (0) ---
[pid 1574] sigreturn() = ? (mask now [EMT KILL SEGV PIPE ALRM TERM USR2 PWR URG IO TSTP TTIN VTALRM XCPU])
[pid 1574] rt_sigprocmask(SIG_BLOCK, [HUP INT TERM], NULL, 16) = 0
[pid 1574] rt_sigaction(SIGHUP, {SIG_DFL, [RT_68 RT_70 RT_74 RT_75 RT_82 RT_85 RT_86 RT_88 RT_90 RT_92 RT_94], SA_STACK|SA_INTERRUPT|0x2b207a4}, NULL, 16) = 0
[pid 1574] rt_sigaction(SIGINT, {SIG_DFL, [RT_68 RT_70 RT_74 RT_75 RT_82 RT_85 RT_86 RT_88 RT_90 RT_92 RT_94], SA_STACK|SA_INTERRUPT|0x2b207a4}, NULL, 16) = 0
[pid 1574] rt_sigaction(SIGTERM, {SIG_DFL, [RT_68 RT_70 RT_74 RT_75 RT_82 RT_85 RT_86 RT_88 RT_90 RT_92 RT_94], SA_STACK|SA_INTERRUPT|0x2b207a4}, NULL, 16) = 0
[pid 1574] rt_sigaction(128, {SIG_DFL, [RT_68 RT_70 RT_74 RT_75 RT_82 RT_85 RT_86 RT_88 RT_90 RT_92 RT_94], SA_STACK|SA_INTERRUPT|0x2b20720}, NULL, 16) = 0
[pid 1574] rt_sigprocmask(SIG_BLOCK, NULL, [HUP INT TERM RT_0], 16) = 0
[pid 1574] rt_sigsuspend(~[HUP INT TERM RT_1] <unfinished ...>
[pid 1578] <... getpid resumed> ) = 1578
[pid 1577] poll([{fd=14, events=POLLIN}], 1, 2000 <unfinished ...>
[pid 1578] rt_sigprocmask(SIG_SETMASK, [HUP INT TERM RT_0], NULL, 16) = 0
[pid 1578] gettimeofday({1271690002, 343705}, NULL) = 0
[pid 1578] rt_sigprocmask(SIG_SETMASK, NULL, [HUP INT TERM RT_0], 16) = 0
[pid 1578] rt_sigsuspend([HUP INT TERM] <unfinished ...>
[pid 1577] <... poll resumed> ) = 0 (Timeout)
[pid 1577] getppid() = 1574
[pid 1577] poll([{fd=14, events=POLLIN}], 1, 2000) = 0 (Timeout)
[pid 1577] getppid() = 1574
[pid 1577] poll([{fd=14, events=POLLIN}], 1, 2000) = 0 (Timeout)
[pid 1577] getppid() = 1574
[pid 1577] poll([{fd=14, events=POLLIN}], 1, 2000) = 0 (Timeout)
[pid 1577] getppid() = 1574
[pid 1577] poll([{fd=14, events=POLLIN}], 1, 2000) = 0 (Timeout)
[pid 1577] getppid() = 1574
[pid 1577] poll([{fd=14, events=POLLIN}], 1, 2000
....
Does anybody else have this problem?
Thank you.
Sincerely,
Gabriel
- --
// Gabriel VLASIU
//
// OpenGPG-KeyID : 0xE684206E
// OpenGPG-Fingerprint: 0C3D 9F8B 725D E243 CB3C 8428 796A DB1F E684 206E
// OpenGPG-URL : http://www.vlasiu.net/public.key
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
iD8DBQFLzHQoeWrbH+aEIG4RAgxnAJsHLQXOaW0C6vyJMXNY8yd/bdymvQCfYOgB
cfVxSh6WJinHT85KWH/US/w=
=JVn1
-----END PGP SIGNATURE-----
More information about the Users
mailing list