[strongSwan] charon crash right after xauth+rsa client connects (strongswan-5.0.4, ubuntu 12.04)

Ewan Smythe ewansmythe at outlook.com
Mon Jul 29 22:22:17 CEST 2013 

Hello,
I would be very grateful for hints which will help me stop banging my head on the the keyboard.
I have just built a new server (Ubuntu 12.04 x64, strongSwan 5.0.4 built from source). It appears to load the configs OK, listcerts etc looks like certs are being loaded, and log messages indicate that the client certs are being accepted, but right after xauth, charon crashes.
There is a stack frame trace output in the logs:
13[LIB] <x_15|1>   /lib/x86_64-linux-gnu/libpthread.so.0 @ 0x7fcbdf8ff000 [0x7fcbdf906e9a]13[LIB] <x_15|1>     -> ??:013[LIB] <x_15|1>   /lib/x86_64-linux-gnu/libc.so.6 @ 0x7fcbdf540000 (clone+0x6d) [0x7fcbdf633ccd]13[LIB] <x_15|1>     -> ??:0 dumping 12 stack frame addresses:  /lib/x86_64-linux-gnu/libpthread.so.0 @ 0x7fcbdf8ff000 [0x7fcbdf90ecb0]    -> ??:0  /usr/lib/ipsec/libstrongswan.so.0 @ 0x7fcbdff96000 (is_asn1+0xa4) [0x7fcbdffa5c44]    -> /root/strongswan-5.0.4/src/libstrongswan/asn1/asn1.c:636  /usr/lib/ipsec/libstrongswan.so.0 @ 0x7fcbdff96000 (identification_create_from_data+0x47) [0x7fcbdffc17a7]    -> /root/strongswan-5.0.4/src/libstrongswan/utils/identification.c:1023  /usr/lib/ipsec/plugins/libstrongswan-xauth-generic.so @ 0x7fcbd65dd000 [0x7fcbd65ddc55]    -> /root/strongswan-5.0.4/src/libcharon/plugins/xauth_generic/xauth_generic.c:131  /usr/lib/ipsec/libcharon.so.0 @ 0x7fcbdfb1c000 [0x7fcbdfb6c5a1]    -> /root/strongswan-5.0.4/src/libcharon/sa/ikev1/tasks/xauth.c:460  /usr/lib/ipsec/libcharon.so.0 @ 0x7fcbdfb1c000 [0x7fcbdfb63013]    -> /root/strongswan-5.0.4/src/libcharon/sa/ikev1/task_manager_v1.c:1194  /usr/lib/ipsec/libcharon.so.0 @ 0x7fcbdfb1c000 [0x7fcbdfb42bcf]    -> /root/strongswan-5.0.4/src/libcharon/sa/ike_sa.c:1269  /usr/lib/ipsec/libcharon.so.0 @ 0x7fcbdfb1c000 [0x7fcbdfb3d737]    -> /root/strongswan-5.0.4/src/libcharon/processing/jobs/process_message_job.c:74  /usr/lib/ipsec/libstrongswan.so.0 @ 0x7fcbdff96000 [0x7fcbdffba70b]    -> /root/strongswan-5.0.4/src/libstrongswan/processing/processor.c:219  /usr/lib/ipsec/libstrongswan.so.0 @ 0x7fcbdff96000 [0x7fcbdffbcb40]    -> /root/strongswan-5.0.4/src/libstrongswan/threading/thread.c:310  /lib/x86_64-linux-gnu/libpthread.so.0 @ 0x7fcbdf8ff000 [0x7fcbdf906e9a]    -> ??:0  /lib/x86_64-linux-gnu/libc.so.6 @ 0x7fcbdf540000 (clone+0x6d) [0x7fcbdf633ccd]    -> ??:013[DMN] <x_15|1> killing ourself, received critical signalchild 10916 (charon) has been killed by sig 6


Config files (they do work at last as far as loading OK  -- I may have fat-fingered something when "anonymizing" them though):
/etc/ipsec.conf
config setup
ca xca	cacert=/etc/ipsec.d/cacerts/x_ca.crt	crluri=file:///etc/ipsec.d/crls/x_crl.pem	auto=add
conn x_15        type=transport        auto=add        installpolicy=yes        keyexchange=ikev1        authby=xauthrsasig        xauth=server        forceencaps=yes        left=1.2.3.4        leftsubnet=0.0.0.0/0        leftcert=/etc/ipsec.d/certs/server.com.crt        leftid="C=US, ST=x, L=x, O=x, OU=x, CN=server, N=server, E=server at server.com"		rightid="C=US, ST=x, L=x, O=x, OU=x, CN=15, N=15, E=15 at x"        right=%any	rightsourceip=172.16.10.80/29        dpdaction=clear        dpddelay=5s        dpdtimeout=30s

/etc/ipsec.secrets:
"C=US, ST=x, L=x, O=x, OU=x, CN=server, N=server, E=server at server.com" : RSA /etc/ipsec.d/private/server.com.key.pem15 : XAUTH "workplz"

/etc/strongswan.conf:
I have just turned on all the modules that are visible in /usr/lib/ipsec/plugins/libstrongswan-*.so in order to manually be able to turn them off one at a time looking for the problem (disabling xauth made it not crash, but doesn't prove its a problem with xauth, because the connection is obviously not getting established then).
Note: eth0:0 is 1.2.3.4

charon {	load =   aes  attr  cmac  constraints  curl  des  dnskey  fips-prf  gmp  hmac  kernel-netlink  md5  nonce  pem  pgp  pkcs1  pkcs7  pkcs8  pubkey  random  resolve  revocation  sha1  sha2  socket-default  sqlite  stroke  updown  x509 xcbc xauth-generic  	charon.interfaces_use = eth0:0        dns1 = 4.2.2.2	threads = 16	plugins {		sql {			loglevel = -1		}	}
	filelog {        /var/log/charon.log {            time_format = %b %e %T            default = 7         }        stderr {            ike = 7            knl = 7            ike_name = yes        }    }}pluto {}libstrongswan {}



Please somebody help? 
Thanks in advance,
Ewan



 		 	   		  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20130729/b5a09c83/attachment.html>

More information about the Users mailing list