[strongSwan] charon crash right after xauth+rsa client connects (strongswan-5.0.4, ubuntu 12.04)
Ewan Smythe
ewansmythe at outlook.com
Tue Jul 30 20:30:05 CEST 2013
Not sure about the protocol for replying to one's own message on a mailing list, but I solved my own problem.
The problem was (not surprisingly) my own stupidity.
I had been playing around with configure PREFIX and EPREFIX and I think I ended up installing the strongswan plugins in a different place, so it was crashing when trying to use xauth-eap.
So, doing a complete make uninstall, make clean, manually cleaning up any previous droppings I had left in /lib or /usr/lib or wherever, and then rebuilding seems to have corrected it.
--Ewan
From: ewansmythe at outlook.com
To: users at lists.strongswan.org
Date: Mon, 29 Jul 2013 16:22:17 -0400
Subject: [strongSwan] charon crash right after xauth+rsa client connects (strongswan-5.0.4, ubuntu 12.04)
Hello,
I would be very grateful for hints which will help me stop banging my head on the keyboard.
I have just built a new server (Ubuntu 12.04 x64, strongSwan 5.0.4 built from source). It appears to load the configs OK, listcerts etc looks like certs are being loaded, and log messages indicate that the client certs are being accepted, but right after xauth, charon crashes.
There is a stack frame trace output in the logs:
13[LIB] <x_15|1>   /lib/x86_64-linux-gnu/libpthread.so.0 @ 0x7fcbdf8ff000 [0x7fcbdf906e9a]
13[LIB] <x_15|1>     -> ??:0
13[LIB] <x_15|1>   /lib/x86_64-linux-gnu/libc.so.6 @ 0x7fcbdf540000 (clone+0x6d) [0x7fcbdf633ccd]
13[LIB] <x_15|1>     -> ??:0
 dumping 12 stack frame addresses:
  /lib/x86_64-linux-gnu/libpthread.so.0 @ 0x7fcbdf8ff000 [0x7fcbdf90ecb0]
    -> ??:0
  /usr/lib/ipsec/libstrongswan.so.0 @ 0x7fcbdff96000 (is_asn1+0xa4) [0x7fcbdffa5c44]
    -> /root/strongswan-5.0.4/src/libstrongswan/asn1/asn1.c:636
  /usr/lib/ipsec/libstrongswan.so.0 @ 0x7fcbdff96000 (identification_create_from_data+0x47) [0x7fcbdffc17a7]
    -> /root/strongswan-5.0.4/src/libstrongswan/utils/identification.c:1023
  /usr/lib/ipsec/plugins/libstrongswan-xauth-generic.so @ 0x7fcbd65dd000 [0x7fcbd65ddc55]
    -> /root/strongswan-5.0.4/src/libcharon/plugins/xauth_generic/xauth_generic.c:131
  /usr/lib/ipsec/libcharon.so.0 @ 0x7fcbdfb1c000 [0x7fcbdfb6c5a1]
    -> /root/strongswan-5.0.4/src/libcharon/sa/ikev1/tasks/xauth.c:460
  /usr/lib/ipsec/libcharon.so.0 @ 0x7fcbdfb1c000 [0x7fcbdfb63013]
    -> /root/strongswan-5.0.4/src/libcharon/sa/ikev1/task_manager_v1.c:1194
  /usr/lib/ipsec/libcharon.so.0 @ 0x7fcbdfb1c000 [0x7fcbdfb42bcf]
    -> /root/strongswan-5.0.4/src/libcharon/sa/ike_sa.c:1269
  /usr/lib/ipsec/libcharon.so.0 @ 0x7fcbdfb1c000 [0x7fcbdfb3d737]
    -> /root/strongswan-5.0.4/src/libcharon/processing/jobs/process_message_job.c:74
  /usr/lib/ipsec/libstrongswan.so.0 @ 0x7fcbdff96000 [0x7fcbdffba70b]
    -> /root/strongswan-5.0.4/src/libstrongswan/processing/processor.c:219
  /usr/lib/ipsec/libstrongswan.so.0 @ 0x7fcbdff96000 [0x7fcbdffbcb40]
    -> /root/strongswan-5.0.4/src/libstrongswan/threading/thread.c:310
  /lib/x86_64-linux-gnu/libpthread.so.0 @ 0x7fcbdf8ff000 [0x7fcbdf906e9a]
    -> ??:0
  /lib/x86_64-linux-gnu/libc.so.6 @ 0x7fcbdf540000 (clone+0x6d) [0x7fcbdf633ccd]
    -> ??:0
13[DMN] <x_15|1> killing ourself, received critical signal
child 10916 (charon) has been killed by sig 6
Config files (they do work at last as far as loading OK -- I may have fat-fingered something when "anonymizing" them though):
/etc/ipsec.conf
config setup

ca xca
    cacert=/etc/ipsec.d/cacerts/x_ca.crt
    crluri=file:///etc/ipsec.d/crls/x_crl.pem
    auto=add

conn x_15
    type=transport
    auto=add
    installpolicy=yes
    keyexchange=ikev1
    authby=xauthrsasig
    xauth=server
    forceencaps=yes
    left=1.2.3.4
    leftsubnet=0.0.0.0/0
    leftcert=/etc/ipsec.d/certs/server.com.crt
    leftid="C=US, ST=x, L=x, O=x, OU=x, CN=server, N=server, E=server at server.com"
    rightid="C=US, ST=x, L=x, O=x, OU=x, CN=15, N=15, E=15 at x"
    right=%any
    rightsourceip=172.16.10.80/29
    dpdaction=clear
    dpddelay=5s
    dpdtimeout=30s
/etc/ipsec.secrets:
"C=US, ST=x, L=x, O=x, OU=x, CN=server, N=server, E=server at server.com" : RSA /etc/ipsec.d/private/server.com.key.pem
15 : XAUTH "workplz"
/etc/strongswan.conf:
I have just turned on all the modules that are visible in /usr/lib/ipsec/plugins/libstrongswan-*.so in order to manually be able to turn them off one at a time looking for the problem (disabling xauth made it not crash, but doesn't prove it's a problem with xauth, because the connection is obviously not getting established then).
Note: eth0:0 is 1.2.3.4
charon {
    load = aes attr cmac constraints curl des dnskey fips-prf gmp hmac kernel-netlink md5 nonce pem pgp pkcs1 pkcs7 pkcs8 pubkey random resolve revocation sha1 sha2 socket-default sqlite stroke updown x509 xcbc xauth-generic
    charon.interfaces_use = eth0:0
    dns1 = 4.2.2.2
    threads = 16
    plugins {
        sql {
            loglevel = -1
        }
    }
    filelog {
        /var/log/charon.log {
            time_format = %b %e %T
            default = 7
        }
        stderr {
            ike = 7
            knl = 7
            ike_name = yes
        }
    }
}
pluto {
}
libstrongswan {
}
Please somebody help?
Thanks in advance,
Ewan
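
Added example, not part of the original messages: a shell check for the condition the reply describes, where strongSwan libraries or plugins from an earlier build remain installed under a second directory. The function names and the usr/local/lib/ipsec path in the demo tree are assumptions made for illustration.

```shell
#!/bin/bash
# Added example (not from the original post): find strongSwan libraries and
# plugins installed in more than one place, e.g. after changing --prefix.

# list_copies ROOT...: print "<basename>\t<crc>\t<path>" for every
# strongSwan shared object found under the given roots.
list_copies() {
    find "$@" -type f \( -name 'libstrongswan*.so*' -o -name 'libcharon*.so*' \) 2>/dev/null |
    while IFS= read -r path; do
        crc=$(cksum < "$path" | cut -d' ' -f1)
        printf '%s\t%s\t%s\n' "${path##*/}" "$crc" "$path"
    done | sort
}

# find_duplicates ROOT...: print each basename that occurs two or more
# times with its copies; returns 1 if any duplicate exists, 0 otherwise.
find_duplicates() {
    list_copies "$@" | awk -F '\t' '
        { n[$1]++; copies[$1] = copies[$1] "\n    crc=" $2 "  " $3 }
        END {
            for (name in n) if (n[name] > 1) { print name copies[name]; dup = 1 }
            exit dup
        }'
}

# Constructed demo tree (assumption): a current install under usr/lib/ipsec
# and a leftover plugin from an earlier build under usr/local/lib/ipsec.
make_demo_tree() {
    root=$(mktemp -d)
    mkdir -p "$root/usr/lib/ipsec/plugins" "$root/usr/local/lib/ipsec/plugins"
    echo "build B" > "$root/usr/lib/ipsec/libstrongswan.so.0"
    echo "build B" > "$root/usr/lib/ipsec/plugins/libstrongswan-xauth-generic.so"
    echo "build A" > "$root/usr/local/lib/ipsec/plugins/libstrongswan-xauth-generic.so"
    printf '%s\n' "$root"
}

# Scan the directories given on the command line, if any.
if [ $# -gt 0 ]; then
    find_duplicates "$@"
fi
```

Differing crc values for the same file name indicate copies from different builds; identical values indicate the same build installed twice.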