[strongSwan] charon crash on Mac OS X 10.9 with IPv6 Virtual IP
Christian Becker
phpbeck at googlemail.com
Sun Mar 16 16:26:33 CET 2014
Hi,
i’m currently working on a dual stack roadwarrior configuration on osx.
Server: CentOS 6.5 - strongswan 5.1.1 - native IPv4 and IPv6
Client: Mac OS X 10.9 - strongswan 5.1.2 - native IPv4 and IPv6
Source for strongswan on osx is homebrew with --with-curl and --with-suite-b additionally i tried building with --disable-kernel-netlink, --enable-kernel-pfroute, --disable-gmp, --disable-scripts
Server configuration:
conn osx
left=vpn.XXX.de
leftcert=vpn.cert
leftid=@vpn.XXX.de
leftsendcert=always
rightid=XXX at XXX.de
leftsubnet=89.238.X.Y/28,2a00:ZZZZ:2000:781::/64,2a00:ZZZZ:2000:470::/64
rightsourceip=10.3.1.0/24,2a00:ZZZZ:2000:470::/120
leftauth=pubkey
rightauth=pubkey
right=%any
rightdns=217.11.48.200,217.11.49.200,2a00:1828:1000:1148::2,2a00:1828:1000:1149::2
keyexchange=ikev2
esp=aes256-sha256-modp4096!
ike=aes256-sha256-modp4096!
auto=add
Client configuration:
conn rw
left=%any
leftcert=/usr/local/etc/ipsec.d/certs/XXX.cert
leftid=XXX at XXX.de
leftsourceip=%config4,%config6
right=XXX
rightid=@vpn.XXX.de
leftauth=pubkey
rightauth=pubkey
rightsubnet=89.238.X.Y/28,2a00:ZZZZ:2000:781::/64,2a00:ZZZZ:2000:470::/64
keyexchange=ikev2
esp=aes256-sha256-modp4096!
ike=aes256-sha256-modp4096!
auto=add
The crash happens when installing the SA:
Process: charon [18267]
Path: /usr/local/Cellar/strongswan/5.1.2/libexec/ipsec/charon
Identifier: charon
Version: 0
Code Type: X86-64 (Native)
Parent Process: starter [18264]
Responsible: iTerm [2353]
User ID: 0
Date/Time: 2014-03-16 16:20:18.340 +0100
OS Version: Mac OS X 10.9.2 (13C64)
Report Version: 11
Anonymous UUID: 407F89B7-CEEA-1738-ADF3-B45639BCA212
Sleep/Wake UUID: A9F67D63-891A-4BD7-92C8-4F51EF3DCE31
Crashed Thread: 9
Exception Type: EXC_CRASH (SIGABRT)
Exception Codes: 0x0000000000000000, 0x0000000000000000
Application Specific Information:
detected buffer overflow
[…]
Thread 9 Crashed:
0 libsystem_kernel.dylib 0x00007fff84ffc866 __pthread_kill + 10
1 libsystem_pthread.dylib 0x00007fff8cf9335c pthread_kill + 92
2 libsystem_c.dylib 0x00007fff85132b1a abort + 125
3 libsystem_c.dylib 0x00007fff85132c91 abort_report_np + 181
4 libsystem_c.dylib 0x00007fff85156860 __chk_fail + 48
5 libsystem_c.dylib 0x00007fff85156830 __chk_fail_overflow + 16
6 libsystem_c.dylib 0x00007fff85156d84 __memcpy_chk + 37
7 libstrongswan.0.dylib 0x000000010b37587b set_address + 129
8 libstrongswan-kernel-pfroute.so 0x000000010b6a61be add_ip + 96
9 libcharon.0.dylib 0x000000010b3c9be5 add_virtual_ip + 132
10 libcharon.0.dylib 0x000000010b3dd13f process_i + 127
11 libcharon.0.dylib 0x000000010b3d33e2 process_message + 1454
12 libcharon.0.dylib 0x000000010b3cace2 process_message + 73
13 libcharon.0.dylib 0x000000010b3c517b execute + 161
14 libstrongswan.0.dylib 0x000000010b379cb5 process_jobs + 359
15 libstrongswan.0.dylib 0x000000010b37c590 thread_main + 117
16 libsystem_pthread.dylib 0x00007fff8cf92899 _pthread_body + 138
17 libsystem_pthread.dylib 0x00007fff8cf9272a _pthread_start + 137
18 libsystem_pthread.dylib 0x00007fff8cf96fc9 thread_start + 13
[…]
Additionally here are the connection logs:
09[IKE] IKE_SA rw[1] established between 192.168.2.107[XXX at XXX.de]…89.238.X.Y[vpn.XXX.de]
09[IKE] scheduling reauthentication in 9992s
09[IKE] maximum IKE_SA lifetime 10532s
09[IKE] installing new virtual IP 10.3.1.1
09[LIB] created TUN device: utun1
10[KNL] interface utun1 appeared
09[IKE] installing new virtual IP 2a00:ZZZZ:2000:470::1
09[LIB] created TUN device: utun2
11[KNL] interface utun2 appeared
I can also see this when using ipsec up rw:
created TUN device: utun2
=> ipsec exits to prompt
So the crash seems to happen when adding the IPv6 Address to utun2, but i don’t have any idea why.
More information about the Users
mailing list