[strongSwan] Strongswan 5.6.2: Segfault if charondebug = cfg > 2
Noel Kuntze
noel.kuntze+strongswan-users-ml at thermi.consulting
Tue Jun 5 22:16:30 CEST 2018
Hi,
Try with O2, not O3.
Kind regards
Noel
On 05.06.2018 22:11, Sven Anders wrote:
> Hello!
>
> I'm experiencing a segmentation fault if I set charondebug = cfg to a value greater than 2.
> I'm using Strongswan 5.6.2 on Linux kernel 4.1.39 on a 32-bit system.
>
> Strongswan was compiled with:
>
> ./configure CFLAGS="-g -march=core2 -O3 -fstack-protector" LDFLAGS="-D_FORTIFY_SOURCE=2 -fPIE -pie -Wl,-z,relro,-z,now" --prefix=/usr
> --sysconfdir=/etc --enable-aes --enable-bliss --enable-blowfish --enable-ccm --enable-chapoly --enable-cmac --enable-ctr --enable-des
> --enable-fips-prf --enable-gcm --enable-gcrypt --enable-hmac --enable-md4 --enable-md5 --enable-mgf1 --enable-newhope --enable-nonce --enable-ntru
> --enable-openssl --enable-padlock --enable-random --enable-rc2 --enable-rdrand --enable-aesni --enable-sha1 --enable-sha2 --enable-sha3 --enable-xcbc
> --enable-dnskey --enable-pem --enable-pgp --enable-pkcs1 --enable-pkcs7 --enable-pkcs8 --enable-pkcs12 --enable-pubkey --enable-sshkey --enable-x509
> --enable-curl --enable-files --enable-ldap --enable-soup --enable-unbound --disable-winhttp --disable-mysql --enable-sqlite --enable-addrblock
> --enable-acert --disable-af-alg --enable-agent --enable-constraints --enable-coupling --enable-dnscert --enable-eap-sim --enable-eap-sim-file
> --disable-eap-sim-pcsc --enable-eap-aka --enable-eap-aka-3gpp --enable-eap-aka-3gpp2 --enable-eap-simaka-sql --enable-eap-simaka-pseudonym
> --enable-eap-simaka-reauth --enable-eap-identity --enable-eap-md5 --enable-eap-gtc --enable-eap-mschapv2 --enable-eap-tls --enable-eap-ttls
> --enable-eap-peap --enable-eap-tnc --enable-eap-dynamic --enable-eap-radius --enable-ext-auth --enable-ipseckey --disable-keychain --enable-pkcs11
> --enable-revocation --enable-whitelist --enable-xauth-generic --enable-xauth-eap --enable-xauth-pam --enable-xauth-noauth --enable-kernel-netlink
> --enable-kernel-pfkey --disable-kernel-iph --enable-kernel-libipsec --disable-kernel-wfp --enable-socket-default --enable-socket-dynamic
> --disable-socket-win --enable-stroke --enable-smp --enable-sql --disable-uci --enable-vici --disable-android-dns --enable-attr --enable-attr-sql
> --enable-bypass-lan --enable-counters --enable-dhcp --disable-osx-attr --disable-p-cscf --enable-resolve --enable-unity --disable-imc-test
> --disable-imv-test --enable-imc-scanner --enable-imv-scanner --enable-imc-os --enable-imv-os --enable-imc-attestation --enable-imv-attestation
> --enable-imc-swid --disable-imv-swid --enable-imc-hcd --enable-imv-hcd --enable-tnc-ifmap --enable-tnc-imc --enable-tnc-imv --enable-tnc-pdp
> --enable-tnccs-11 --enable-tnccs-20 --enable-tnccs-dynamic --disable-android-log --enable-certexpire --enable-connmark --enable-forecast
> --enable-duplicheck --enable-error-notify --enable-farp --enable-ha --enable-led --enable-load-tester --enable-lookip --enable-radattr
> --enable-systime-fix --enable-test-vectors --enable-updown --enable-aikgen --enable-charon --enable-cmd --disable-conftest --disable-dumm
> --disable-fast --enable-libipsec --disable-manager --disable-medcli --disable-medsrv --disable-nm --disable-pki --disable-scepclient --disable-scripts
> --disable-svc --enable-swanctl --disable-tkm --disable-bfd-backtraces --disable-dbghelp-backtraces --enable-ikev1 --enable-ikev2
> --enable-integrity-test --enable-load-warning --enable-mediation --disable-unwind-backtraces --disable-ruby-gems --disable-ruby-gems-install
> --disable-python-eggs --disable-python-eggs-install --disable-perl-cpan --disable-perl-cpan-install --enable-tss-trousers --enable-tss-tss2
> --disable-coverage --disable-leak-detective --disable-lock-profiler --enable-log-thread-ids
>
>
> with "gcc version 4.5.1" (sorry, cannot use a newer compiler on this system... :-( )
>
>
> Can anybody reproduce this?
>
>
>
> Starting strongSwan 5.6.2 IPsec [starter]...
> 2205[DMN] Starting IKE charon daemon (strongSwan 5.6.2, Linux 4.1.39-core2, i686)
> 2205[LIB] plugin 'test-vectors': loaded successfully
> 2205[LIB] plugin 'unbound': loaded successfully
> 2205[LIB] plugin 'ldap': loaded successfully
> 2205[CFG] PKCS11 module '<name>' lacks library path
> 2205[LIB] plugin 'pkcs11': loaded successfully
> 2205[LIB] plugin 'aesni': loaded successfully
> 2205[LIB] plugin 'aes': loaded successfully
> 2205[LIB] plugin 'des': loaded successfully
> 2205[LIB] plugin 'blowfish': loaded successfully
> 2205[LIB] plugin 'rc2': loaded successfully
> 2205[LIB] plugin 'sha2': loaded successfully
> 2205[LIB] plugin 'sha3': loaded successfully
> 2205[LIB] plugin 'sha1': loaded successfully
> 2205[LIB] plugin 'md4': loaded successfully
> 2205[LIB] plugin 'md5': loaded successfully
> 2205[LIB] plugin 'mgf1': loaded successfully
> 2205[LIB] plugin 'rdrand': loaded successfully
> 2205[LIB] detected RDRAND support, enabled
> 2205[LIB] plugin 'random': loaded successfully
> 2205[LIB] plugin 'nonce': loaded successfully
> 2205[LIB] plugin 'x509': loaded successfully
> 2205[LIB] plugin 'revocation': loaded successfully
> 2205[LIB] plugin 'constraints': loaded successfully
> 2205[LIB] plugin 'acert': loaded successfully
> 2205[LIB] plugin 'pubkey': loaded successfully
> 2205[LIB] plugin 'pkcs1': loaded successfully
> 2205[LIB] plugin 'pkcs7': loaded successfully
> 2205[LIB] plugin 'pkcs8': loaded successfully
> 2205[LIB] plugin 'pkcs12': loaded successfully
> 2205[LIB] plugin 'pgp': loaded successfully
> 2205[LIB] plugin 'dnskey': loaded successfully
> 2205[LIB] plugin 'sshkey': loaded successfully
> 2205[LIB] plugin 'dnscert': loaded successfully
> 2205[LIB] plugin 'pem': loaded successfully
> 2205[LIB] Padlock features supported:, enabled:
> 2205[LIB] plugin 'padlock': loaded successfully
> 2205[LIB] plugin 'openssl': loaded successfully
> 2205[LIB] plugin 'fips-prf': loaded successfully
> 2205[LIB] plugin 'gmp': loaded successfully
> 2205[LIB] plugin 'curve25519': loaded successfully
> 2205[LIB] plugin 'agent': loaded successfully
> 2205[LIB] plugin 'chapoly': loaded successfully
> 2205[LIB] plugin 'xcbc': loaded successfully
> 2205[LIB] plugin 'cmac': loaded successfully
> 2205[LIB] plugin 'hmac': loaded successfully
> 2205[LIB] plugin 'ctr': loaded successfully
> 2205[LIB] plugin 'ccm': loaded successfully
> 2205[LIB] plugin 'gcm': loaded successfully
> 2205[LIB] plugin 'ntru': loaded successfully
> 2205[LIB] plugin 'newhope': loaded successfully
> 2205[LIB] plugin 'bliss': loaded successfully
> 2205[LIB] plugin 'curl': loaded successfully
> 2205[LIB] plugin 'files': loaded successfully
> 2205[LIB] using SQLite 3.7.15.2, thread safety 1
> 2205[LIB] plugin 'sqlite': loaded successfully
> 2205[CFG] loaded attribute INTERNAL_IP4_DNS: 0a:01:03:0a
> 2205[CFG] loaded attribute INTERNAL_IP4_DNS: 0a:01:03:0b
> 2205[CFG] loaded attribute (25): 6d:65:2d:67:72:6f:75:70:2e:6c:6f:63:61:6c
> 2205[LIB] plugin 'attr': loaded successfully
> 2205[LIB] plugin 'attr-sql': loaded successfully
> 2205[CFG] disabling load-tester plugin, not configured
> 2205[LIB] plugin 'load-tester': failed to load - load_tester_plugin_create returned NULL
> 2205[LIB] plugin 'kernel-netlink': loaded successfully
> 2205[LIB] plugin 'socket-default': loaded successfully
> 2205[LIB] plugin 'connmark': loaded successfully
> 2205[LIB] plugin 'stroke': loaded successfully
> 2205[LIB] plugin 'vici': loaded successfully
> 2205[LIB] plugin 'updown': loaded successfully
> 2205[LIB] plugin 'eap-identity': loaded successfully
> 2205[LIB] plugin 'eap-sim': loaded successfully
> 2205[LIB] plugin 'eap-sim-file': loaded successfully
> 2205[LIB] plugin 'eap-aka': loaded successfully
> 2205[LIB] plugin 'eap-aka-3gpp': loaded successfully
> 2205[LIB] plugin 'eap-aka-3gpp2': loaded successfully
> 2205[LIB] plugin 'eap-simaka-sql': loaded successfully
> 2205[LIB] plugin 'eap-simaka-pseudonym': loaded successfully
> 2205[LIB] plugin 'eap-simaka-reauth': loaded successfully
> 2205[LIB] plugin 'eap-md5': loaded successfully
> 2205[LIB] plugin 'eap-gtc': loaded successfully
> 2205[LIB] plugin 'eap-mschapv2': loaded successfully
> 2205[LIB] plugin 'eap-dynamic': loaded successfully
> 2205[LIB] plugin 'eap-radius': loaded successfully
> 2205[LIB] plugin 'eap-tls': loaded successfully
> 2205[LIB] plugin 'eap-ttls': loaded successfully
> 2205[LIB] plugin 'eap-peap': loaded successfully
> 2205[LIB] plugin 'eap-tnc': loaded successfully
> 2205[LIB] plugin 'xauth-generic': loaded successfully
> 2205[LIB] plugin 'xauth-eap': loaded successfully
> 2205[LIB] plugin 'xauth-pam': loaded successfully
> 2205[LIB] plugin 'xauth-noauth': loaded successfully
> 2205[LIB] plugin 'tnc-ifmap': loaded successfully
> 2205[LIB] plugin 'tnc-pdp': loaded successfully
> 2205[LIB] plugin 'tnc-imc': loaded successfully
> 2205[LIB] plugin 'tnc-imv': loaded successfully
> 2205[LIB] plugin 'tnc-tnccs': loaded successfully
> 2205[LIB] plugin 'tnccs-20': loaded successfully
> 2205[LIB] plugin 'tnccs-11': loaded successfully
> 2205[LIB] plugin 'tnccs-dynamic': loaded successfully
> 2205[LIB] plugin 'dhcp': loaded successfully
> 2205[LIB] plugin 'ha': loaded successfully
> 2205[LIB] plugin 'whitelist': loaded successfully
> 2205[LIB] plugin 'ext-auth': loaded successfully
> 2205[LIB] plugin 'lookip': loaded successfully
> 2205[LIB] plugin 'error-notify': loaded successfully
> 2205[LIB] plugin 'certexpire': loaded successfully
> 2205[LIB] plugin 'systime-fix': loaded successfully
> 2205[LIB] plugin 'led': loaded successfully
> 2205[LIB] plugin 'duplicheck': loaded successfully
> 2205[LIB] plugin 'coupling': loaded successfully
> 2205[LIB] plugin 'addrblock': loaded successfully
> 2205[LIB] plugin 'unity': loaded successfully
> 2205[LIB] plugin 'counters': loaded successfully
> 2205[KNL] known interfaces and IP addresses:
> 2205[KNL] lo
> 2205[KNL] 127.0.0.1
> 2205[KNL] ::1
> 2205[KNL] eth1
> 2205[KNL] fe80::20c:29ff:fede:e80a
> 2205[KNL] eth2
> 2205[KNL] fe80::20c:29ff:fede:e832
> 2205[KNL] eth3
> 2205[KNL] fe80::20c:29ff:fede:e814
> 2205[KNL] eth4
> 2205[KNL] fe80::20c:29ff:fede:e8f6
> 2205[KNL] eth5
> 2205[KNL] fe80::20c:29ff:fede:e81e
> 2205[KNL] eth6
> 2205[KNL] fe80::20c:29ff:fede:e800
> 2205[KNL] eth7
> 2205[KNL] fe80::20c:29ff:fede:e828
> 2205[KNL] eth0
> 2205[KNL] 10.10.133.2
> 2205[KNL] fe80::250:56ff:feaf:ae7a
> 2205[KNL] bond0
> 2205[KNL] bond1
> 2205[KNL] bond2
> 2205[KNL] bond3
> 2205[LIB] feature PUBKEY:DSA in plugin 'pem' has unmet dependency: PUBKEY:DSA
> 2205[CFG] loading unbound resolver config from '/etc/resolv.conf'
> 2205[CFG] failed to read the resolver config: error reading file (No such file or directory)
> 2205[CFG] failed to create a DNS resolver instance
> 2205[LIB] feature CUSTOM:dnscert in plugin 'dnscert' failed to load
> 2205[LIB] feature PRIVKEY:DSA in plugin 'pem' has unmet dependency: PRIVKEY:DSA
> 2205[LIB] feature CERT_DECODE:OCSP_REQUEST in plugin 'pem' has unmet dependency: CERT_DECODE:OCSP_REQUEST
> 2205[CFG] attr-sql plugin: database URI not set
> 2205[LIB] feature CUSTOM:attr-sql in plugin 'attr-sql' failed to load
> 2205[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'
> 2205[CFG] loaded ca certificate "C=DE, ST=Bavaria, L=Ortenburg, O=Micro-Epsilon, OU=IT, DC=local, DC=me-group, CN=Micro-Epsilon CA" from
> '/etc/ipsec.d/cacerts/me-ca.crt'
> 2205[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'
> 2205[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'
> 2205[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'
> 2205[CFG] loading crls from '/etc/ipsec.d/crls'
> 2205[CFG] loading secrets from '/etc/ipsec.secrets'
> 2205[CFG] opening triplet file /etc/ipsec.d/triplets.dat failed: No such file or directory
> 2205[LIB] feature CUSTOM:eap-sim-file-triplets in plugin 'eap-sim-file' failed to load
> 2205[LIB] feature CUSTOM:sim-card in plugin 'eap-sim-file' has unmet dependency: CUSTOM:eap-sim-file-triplets
> 2205[LIB] feature CUSTOM:sim-provider in plugin 'eap-sim-file' has unmet dependency: CUSTOM:eap-sim-file-triplets
> 2205[CFG] eap-simaka-sql database URI missing
> 2205[LIB] feature CUSTOM:eap-simaka-sql-db in plugin 'eap-simaka-sql' failed to load
> 2205[LIB] feature CUSTOM:aka-card in plugin 'eap-simaka-sql' has unmet dependency: CUSTOM:eap-simaka-sql-db
> 2205[LIB] feature CUSTOM:sim-card in plugin 'eap-simaka-sql' has unmet dependency: CUSTOM:eap-simaka-sql-db
> 2205[LIB] feature CUSTOM:aka-provider in plugin 'eap-simaka-sql' has unmet dependency: CUSTOM:eap-simaka-sql-db
> 2205[LIB] feature CUSTOM:sim-provider in plugin 'eap-simaka-sql' has unmet dependency: CUSTOM:eap-simaka-sql-db
> 2205[CFG] loaded 0 RADIUS server configurations
> 2205[TNC] MAP server certificate not defined
> 2205[LIB] feature CUSTOM:tnc-ifmap-2.1 in plugin 'tnc-ifmap' failed to load
> 2205[TNC] TNC recommendation policy is 'default'
> 2205[TNC] loading IMVs from '/etc/tnc_config'
> 2205[TNC] opening configuration file '/etc/tnc_config' failed: No such file or directory
> 2205[CFG] missing PDP server name, PDP disabled
> 2205[LIB] feature CUSTOM:tnc-pdp in plugin 'tnc-pdp' failed to load
> 2205[TNC] loading IMCs from '/etc/tnc_config'
> 2205[TNC] opening configuration file '/etc/tnc_config' failed: No such file or directory
> 2205[CFG] HA config misses local/remote address
> 2205[LIB] feature CUSTOM:ha in plugin 'ha' failed to load
> 2205[CFG] no script for ext-auth script defined, disabled
> 2205[LIB] feature CUSTOM:ext_auth in plugin 'ext-auth' failed to load
> 2205[CFG] no threshold configured for systime-fix, disabled
> 2205[LIB] feature CUSTOM:systime-fix in plugin 'systime-fix' failed to load
> 2205[CFG] coupling file path unspecified
> 2205[LIB] feature CUSTOM:coupling in plugin 'coupling' failed to load
> 2205[LIB] unloading plugin 'dnscert' without loaded features
> 2205[LIB] unloading plugin 'padlock' without loaded features
> 2205[LIB] unloading plugin 'attr-sql' without loaded features
> 2205[LIB] unloading plugin 'eap-sim-file' without loaded features
> 2205[LIB] unloading plugin 'eap-simaka-sql' without loaded features
> 2205[LIB] unloading plugin 'tnc-ifmap' without loaded features
> 2205[LIB] unloading plugin 'tnc-pdp' without loaded features
> 2205[LIB] unloading plugin 'ha' without loaded features
> 2205[LIB] unloading plugin 'ext-auth' without loaded features
> 2205[LIB] unloading plugin 'systime-fix' without loaded features
> 2205[LIB] unloading plugin 'coupling' without loaded features
> 2205[LIB] loaded plugins: charon test-vectors unbound ldap pkcs11 aesni aes des blowfish rc2 sha2 sha3 sha1 md4 md5 mgf1 rdrand random nonce x509
> revocation constraints acert pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf gmp curve25519 agent chapoly xcbc cmac hmac ctr
> ccm gcm ntru newhope bliss curl files sqlite attr kernel-netlink socket-default connmark stroke vici updown eap-identity eap-sim eap-aka eap-aka-3gpp
> eap-aka-3gpp2 eap-simaka-pseudonym eap-simaka-reauth eap-md5 eap-gtc eap-mschapv2 eap-dynamic eap-radius eap-tls eap-ttls eap-peap eap-tnc
> xauth-generic xauth-eap xauth-pam xauth-noauth tnc-imc tnc-imv tnc-tnccs tnccs-20 tnccs-11 tnccs-dynamic dhcp whitelist lookip error-notify certexpire
> led duplicheck addrblock unity counters
> 2205[LIB] unable to load 19 plugin features (9 due to unmet dependencies)
> 2205[JOB] spawning 16 worker threads
> 2219[LIB] created thread 2219 [2219]
> 2220[LIB] created thread 2220 [2220]
> 2221[LIB] created thread 2221 [2221]
> 2221[NET] waiting for data on sockets
> 2211[LIB] created thread 2211 [2211]
> 2212[LIB] created thread 2212 [2212]
> 2216[LIB] created thread 2216 [2216]
> 2213[LIB] created thread 2213 [2213]
> 2214[LIB] created thread 2214 [2214]
> 2215[LIB] created thread 2215 [2215]
> 2217[LIB] created thread 2217 [2217]
> 2218[LIB] created thread 2218 [2218]
> 2210[LIB] created thread 2210 [2210]
> 2209[LIB] created thread 2209 [2209]
> 2208[LIB] created thread 2208 [2208]
> 2207[LIB] created thread 2207 [2207]
> 2206[LIB] created thread 2206 [2206]
> charon (2205) started after 140 ms
> 2212[DMN] thread 2212 received 11
> 2212[LIB] dumping 13 stack frame addresses:
> 2212[LIB] /lib/libpthread.so.0 @ 0x40138000 [0x40146af8]
> sh: addr2line: not found
> 2212[LIB] ->
> 2212[LIB] /usr/lib/ipsec/libstrongswan.so.0 @ 0x40021000 [0x4006d05e]
> sh: addr2line: not found
> 2212[LIB] ->
> 2212[LIB] /lib/libc.so.6 @ 0x40157000 (_IO_vfprintf+0xa35) [0x40197c35]
> sh: addr2line: not found
> 2212[LIB] ->
> 2212[LIB] /lib/libc.so.6 @ 0x40157000 (vsnprintf+0xbd) [0x401bfafd]
> sh: addr2line: not found
> 2212[LIB] ->
> 2212[LIB] /usr/lib/ipsec/libcharon.so.0 @ 0x4007e000 [0x40087838]
> sh: addr2line: not found
> 2212[LIB] ->
> 2212[LIB] /usr/lib/ipsec/libcharon.so.0 @ 0x4007e000 [0x4008799d]
> sh: addr2line: not found
> 2212[LIB] ->
> 2212[LIB] /usr/lib/ipsec/plugins/libstrongswan-stroke.so @ 0x40988000 [0x4098b07e]
> sh: addr2line: not found
> 2212[LIB] ->
> 2212[LIB] /usr/lib/ipsec/libstrongswan.so.0 @ 0x40021000 [0x40051a64]
> sh: addr2line: not found
> 2212[LIB] ->
> 2212[LIB] /usr/lib/ipsec/libstrongswan.so.0 @ 0x40021000 [0x4005556a]
> sh: addr2line: not found
> 2212[LIB] ->
> 2212[LIB] /usr/lib/ipsec/libstrongswan.so.0 @ 0x40021000 [0x40055fc2]
> sh: addr2line: not found
> 2212[LIB] ->
> 2212[LIB] /usr/lib/ipsec/libstrongswan.so.0 @ 0x40021000 [0x4006a739]
> sh: addr2line: not found
> 2212[LIB] ->
> 2212[LIB] /lib/libpthread.so.0 @ 0x40138000 [0x4013daf5]
> sh: addr2line: not found
> 2212[LIB] ->
> 2212[LIB] /lib/libc.so.6 @ 0x40157000 (clone+0x5e) [0x402334be]
> sh: addr2line: not found
> 2212[LIB] ->
> 2212[DMN] killing ourself, received critical signal
> connecting to 'unix:///var/run/charon.ctl' failed: Connection refused
> failed to connect to stroke socket 'unix:///var/run/charon.ctl'
> charon has died -- restart scheduled (5sec)
> ^Cipsec starter stopped
>
>
> Here is the debug output:
>
>
> Program received signal SIGSEGV, Segmentation fault.
> [Switching to Thread 0x41873b70 (LWP 2004)]
> 0x40069aed in mem_printf_hook (data=0x41871f40, spec=0x41871f30, args=0x41871f70) at utils/utils/memory.c:224
> 224 utils/utils/memory.c: No such file or directory.
> in utils/utils/memory.c
> (gdb) bt
> #0 0x40069aed in mem_printf_hook (data=0x41871f40, spec=0x41871f30, args=0x41871f70) at utils/utils/memory.c:224
> #1 0x4006d05e in custom_print (stream=0x41872bdc, info=0x41871fe0, args=0x41871f70)
> at utils/printf_hook/printf_hook_glibc.c:117
> #2 0x40197c35 in vfprintf () from /lib/libc.so.6
> #3 0x401bfafd in vsnprintf () from /lib/libc.so.6
> #4 0x40087838 in vlog (this=0x8000cca8, group=DBG_CFG, level=LEVEL_RAW, format=0x4099bc73 "stroke message %b",
> args=0x41873190 "x*\006\200\264\002") at bus/bus.c:398
> #5 0x4008799d in log_ (this=0x8000cca8, group=DBG_CFG, level=LEVEL_RAW, format=0x4099bc73 "stroke message %b")
> at bus/bus.c:439
> #6 0x4098b07e in on_accept (this=0x8005ca60, stream=0x80062918) at stroke_socket.c:647
> #7 0x40051a64 in accept_async (data=0x80062958) at networking/streams/stream_service.c:189
> #8 0x4005556a in execute (this=0x80062a38) at processing/jobs/callback_job.c:77
> #9 0x40055fc2 in process_job (worker=0x80055e40) at processing/processor.c:235
> #10 process_jobs (worker=0x80055e40) at processing/processor.c:321
> #11 0x4006a739 in thread_main (this=0x80021100) at threading/thread.c:331
> #12 0x4013daf5 in start_thread (arg=0x41873b70) at pthread_create.c:297
> #13 0x402334be in clone () from /lib/libc.so.6
>
>
> ipsec.conf:
>
> #-----------------------------------------------------------------------------
> # Global config
> #-----------------------------------------------------------------------------
>
> config setup
>
> # Allows few simultaneous connections with one user account.
> # By default only one active connection per user allowed.
> # This option is also useful if you have a limited rightsourceip pool and want to kick your ghost connection while reconnecting.
> uniqueids=no
>
> # Increase debug level
> charondebug = ike 2, net 2, pts 2, lib 2, tls 2, cfg 2, knl 2
> # charondebug = ike 4, net 4, pts 4, lib 4, tls 2, cfg 3, knl 4, enc 4, esp 4, tnc 4
>
> #-----------------------------------------------------------------------------
> # Basic configs
> #-----------------------------------------------------------------------------
>
> conn rw-base
> # enables IKE fragmentation
> fragmentation=yes
>
> # dpdtimeout is not honored for ikev2. For IKEv2, every message is used
> # to determine the timeout, so the generic timeout value for IKEv2 messages
> # is used.
> dpdtimeout=90s
> dpddelay=30s
> dpdaction=clear
>
> # this is used in every conn in which the client is assigned a "virtual" IP or
> # one or several DNS servers
> # the cipher suites require the openssl plugin.
> conn rw-config
> also=rw-base
>
> # not possible with asymmetric authentication
> reauth=no
> rekey=no
>
> # secure cipher suites
> ike=aes192gcm16-aes128gcm16-aes192-prfsha256-ecp256-ecp521,aes192-sha256-modp3072
> esp=aes192gcm16-aes128gcm16-aes192-ecp256,aes192-sha256-modp3072
>
> # RECEIVED FROM THE CLIENT SIDE
> leftsubnet=10.0.0.0/8 # Split tunnel config
> leftid="vpn.mydom.net"
> leftcert=server.crt
> leftsendcert=always # not "never"
> left=10.2.115.99 # External IP: 217.6.20.75
> lefthostaccess=yes
>
> # SEND FROM THE SERVER SIDE
> rightdns=10.1.3.10, 10.1.3.11
> rightsourceip=%static, %dynamic
>
> #-----------------------------------------------------------------------------
> # IKEv1
> #-----------------------------------------------------------------------------
>
> ## this conn is set up for l2tp support where the user authentication is happening
> ## in the l2tp control connection. With L2TP, clients are usually not assigned
> ## a virtual IP in IKE.
> ## Charon is not an l2tp server. You need to install xl2tp for that and configure it correctly.
> ## mark=%unique requires the connmark plugin.
> #conn ikev1-l2tp-chap-auth-in-l2tp
> # also=rw-base
> # # reduce to the most secure combination the client can support, if absolutely required.
> # ike=aes128-sha1-modp3072
> # esp=aes128-sha1-modp3072
> # leftsubnet=%dynamic[/1701]
> # rightsubnet=%dynamic
> # mark=%unique
> # leftauth=psk
> # rightauth=psk
> # type=transport
> # auto=add
>
> ## this conn is set up for l2tp support where the user authentication is happening
> ## during the IKEv1 authentication. With L2TP, clients are usually not assigned
> ## a virtual IP in IKE.
> ## mark=%unique requires the connmark plugin.
> ## this requires the xauth-generic plugin.
> #conn ikev1-l2tp-xauth-in-ike
> # also=rw-base
> # # reduce to the most secure combination the client can support, if absolutely required.
> # ike=aes128-sha1-modp3072
> # esp=aes128-sha1-modp3072
> # leftsubnet=%dynamic[/1701]
> # rightsubnet=%dynamic
> # mark=%unique
> # leftauth=psk
> # rightauth=psk
> # rightauth2=xauth-generic
> # xauth=server
> # # not possible with asymmetric authentication
> # reauth=no
> # rekey=no
> # type=transport
> # auto=add
>
> # this requires the xauth-generic plugin.
> # (for iPhones with IKEv1 and Shared Secret)
> #conn ikev1-psk-xauth
> # also=rw-config
> # keyexchange=ikev1
> # leftauth=psk
> # rightauth=psk
> # rightauth2=xauth-generic
> # xauth=server
> # auto=add
>
> # leftauth and rightauth default to "pubkey", so no change necessary.
> #conn ikev1-pubkey
> # also=rw-config
> # keyexchange=ikev1
> # auto=add
>
> # this requires the xauth-generic plugin.
> # (for iPhones with IKEv1 and local stored passwords)
> #conn ikev1-pubkey-xauth
> # also=rw-config
> # keyexchange=ikev1
> # #rightauth=pubkey
> # rightauth2=xauth-generic
> # xauth=server
> # auto=add
>
> # this requires the xauth-noauth plugin.
> # (for iPhones with IKEv1 WITHOUT password querying)
> conn ikev1-pubkey-xauth-noauth
> also=rw-config
> keyexchange=ikev1
> #rightauth=pubkey
> rightauth2=xauth-noauth
> xauth=server
> auto=add
>
> # this requires the xauth-pam plugin.
> # (for iPhones with IKEv1 and passwords via PAM)
> #conn ikev1-pubkey-xauth-radius
> # also=rw-config
> # keyexchange=ikev1
> # #rightauth=pubkey
> # rightauth2=xauth-pam
> # xauth=server
> # auto=add
>
> # this requires the eap-radius plugin.
> # (for iPhones with IKEv1 and passwords on radius/DC)
> #conn ikev1-pubkey-xauth-radius
> # also=rw-config
> # keyexchange=ikev1
> # #rightauth=pubkey
> # rightauth2=eap-radius
> # xauth=server
> # auto=add
>
> # this requires the xauth-generic plugin.
> #conn ikev1-hybrid
> # also=rw-config
> # keyexchange=ikev1
> # rightauth=xauth-generic
> # xauth=server
>
> #-----------------------------------------------------------------------------
> # IKEv2
> #-----------------------------------------------------------------------------
>
> # use IKEv2 with client certificate only
> conn ikev2-pubkey
> also=rw-config
> keyexchange=ikev2
> auto=add
>
> ## IF you need to support several EAP methods at the same time, you need to
> ## use eap-dynamic and not use any other conn with eap settings.
> ## Add the settings for the eap-dynamic plugin to your strongswan.conf file.
> #
> #conn ikev2-eap
> # also=rw-config
> # keyexchange=ikev2
> # rightauth=eap-dynamic
> # eap_identity=%identity
> # auto=add
> #
>
> # this requires the eap-tls plugin.
> #conn ikev2-eap-tls
> # also=rw-base
> # keyexchange=ikev2
> # rightauth=eap-tls
> # eap_identity=%identity
> # auto=add
>
>
> ## this requires the eap-gtc plugin.
> #conn ikev2-eap-gtc
> # also=rw-config
> # keyexchange=ikev2
> # rightauth=eap-gtc
> # eap_identity=%identity
> # auto=add
>
> # this requires the eap-mschapv2 plugin.
> # (Apple clients with cert+password usually goes here)
> #conn ikev2-eap-mschapv2
> # also=rw-config
> # keyexchange=ikev2
> # auto=add
> # # right - remote (client) side
> # rightauth=eap-mschapv2
> # eap_identity=%identity
>
> # Use RADIUS EAP plugin
> #conn ikev2-eap-radius
> # also=rw-config
> # keyexchange=ikev2
> # auto=add
> # # right - remote (client) side
> # rightauth=eap-radius
> # eap_identity=%identity
>
>
>
> Regards
> Sven Anders
>
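An added example, not part of the original thread and not strongSwan code: the crash log in the quoted report could not symbolize its frames because `addr2line` was missing on the host. The script below turns each `module @ base [address]` line into a module-relative offset and builds the `addr2line` call to run on a machine that has binutils and a copy of the same binaries. The function names and the `sysroot` parameter are hypothetical; the sample lines are copied from the report.

```python
import re
import shlex

# Frame lines copied from the crash log in the quoted report.
SAMPLE_LOG = """\
> 2212[LIB] dumping 13 stack frame addresses:
> 2212[LIB] /lib/libpthread.so.0 @ 0x40138000 [0x40146af8]
> sh: addr2line: not found
> 2212[LIB] ->
> 2212[LIB] /usr/lib/ipsec/libstrongswan.so.0 @ 0x40021000 [0x4006d05e]
> 2212[LIB] /lib/libc.so.6 @ 0x40157000 (_IO_vfprintf+0xa35) [0x40197c35]
> 2212[LIB] /usr/lib/ipsec/libcharon.so.0 @ 0x4007e000 [0x40087838]
> 2212[LIB] /usr/lib/ipsec/plugins/libstrongswan-stroke.so @ 0x40988000 [0x4098b07e]
"""

FRAME_RE = re.compile(
    r"^(?:>\s*)?"                          # optional mail quote marker
    r"(?:\d+\[[A-Z0-9]{3}\]\s+)?"          # optional "thread[GROUP]" log prefix
    r"(?P<module>/\S+)\s+@\s+(?P<base>0x[0-9a-fA-F]+)"
    r"(?:\s+\((?P<symbol>[^)]+)\))?"       # optional "(symbol+0xoff)" hint
    r"\s+\[(?P<addr>0x[0-9a-fA-F]+)\]$"
)


def parse_frames(log_text):
    """Return one dict per stack frame line, in the order they were logged."""
    frames = []
    for raw in log_text.splitlines():
        m = FRAME_RE.match(raw.strip())
        if m is None:
            continue  # "->", "sh: addr2line: not found", headers, other log lines
        base = int(m.group("base"), 16)
        addr = int(m.group("addr"), 16)
        if addr < base:
            continue  # address below the load base: line is damaged, skip it
        frames.append({
            "module": m.group("module"),
            "base": base,
            "addr": addr,
            # Shared objects are symbolized by offset from their load base.
            "offset": addr - base,
            "symbol": m.group("symbol"),
        })
    return frames


def addr2line_command(frame, sysroot=""):
    """Build a shell-safe addr2line call for one frame.

    sysroot (assumption): directory holding a copy of the crashed system's
    libraries, built with debug info, on the analysis machine.
    """
    binary = sysroot.rstrip("/") + frame["module"] if sysroot else frame["module"]
    argv = ["addr2line", "-f", "-i", "-e", binary, hex(frame["offset"])]
    return " ".join(shlex.quote(arg) for arg in argv)


if __name__ == "__main__":
    for frame in parse_frames(SAMPLE_LOG):
        hint = frame["symbol"] or "?"
        print(f"{frame['module']} +{frame['offset']:#x} ({hint})")
        print("  " + addr2line_command(frame))
```

The offsets only resolve against the exact binaries that crashed, since a rebuild with different flags moves the code.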