Unexpected segmentation fault
Opened this issue · 5 comments
Openswan: 1:2.6.38-1
Error:
Jul 14 06:32:37 rtr-vpn01 kernel: : [93293.818023] pluto[29799]: segfault at 0 ip 08057572 sp bfaf3c00 error 4 in pluto[8048000+ed000]
Jul 14 06:32:37 rtr-vpn01 ipsec__plutorun: Segmentation fault
Jul 14 06:32:37 rtr-vpn01 ipsec__plutorun: !pluto failure!: exited with error status 139 (signal 11)
Jul 14 06:32:37 rtr-vpn01 ipsec__plutorun: restarting IPsec after pause...
We have the configuration file that cause the segfault, after removed it, openswan stops to constantly restarts.
Config file:
conn myvpn
authby=secret
type=tunnel
auto=start
left=%defaultroute
leftid=181.55.31.94
leftsubnet=10.10.0.0/30
leftsourceip=10.10.0.1
right=190.210.164.170
rightsubnet=10.131.0.60/30
pfs=no
ike=aes256-sha1;modp1536
esp=aes256-sha1;modp1536
ikelifetime=86400s
salifetime=28800s
dpddelay=30
dpdtimeout=150
dpdaction=restart
ikev2=insist
This was working well until the right side put their VPN down.
Any idea about this?
Regards
Hello @federicoaaguirre
The version of OSW you are using is older and we have had addressed several issues since then.
As such I woudl recommend upgrading to a more recent version of OSW. If the issue still occurs, I would request you provide the results of running ipsec barf
Openswan is installed a lot of OEM network devices subject to the OEM's upgrade paths. If the OEM doesn't update Openswan, then we are stuck on the current version. If the segmentation fault is a known issue in an old version, providing some context and even some configuration settings that may work around the issue would be far more helpful than telling users to upgrade when that isn't always an option for them.
Openswan has been abandoned about 10 years ago, see https://nohats.ca/wordpress/blog/2021/04/23/please-stop-using-openswan/
And
Openswan has had multiple releases over the last 10 years. While it is true it has been forked, it has had bug fixes and new features over the years.