https://bugzilla.novell.com/show_bug.cgi?id=450364
Summary: Turnpike: adding phase2 subnet causing protection fault with racoon
Product: openSUSE 11.0
Version: Final
Platform: x86-64
OS/Version: openSUSE 11.0
Status: NEW
Severity: Major
Priority: P5 - None
Component: Network
AssignedTo: bnc-team-screening@forge.provo.novell.com
ReportedBy: paca@sci.fi
QAContact: qa@suse.de
Found By: Community User
I'm trying to build a VPN connection to an IPsec firewall by using vpnlogin.
As soon as I add the phase2 subnet setting to the profile, racoond dies
every time I try to connect, at the time when turnpike sends the phase2 config to
racoond.
Dec 1 07:48:04 linux-tq04 kernel: racoon[3930] general protection ip:7f714f9c8d30 sp:7fff58513ba8 error:0 in libc-2.8.so[7f714f94b000+14f000]
Without phase 2 subnet (<networks> entry) phase1 is initialized fine.
rpm versions are:
turnpike-0.1.1-209.1
novell-ipsec-tools-0.6.3-183.1
######## Failing profile is like:
<?xml version="1.0"?>
<profile name="CONNECTIONTEST">
connectiontest.dyndns.org
Standard IPsec gateway
<certificate>mycert.pfx</certificate>
<policies>
<phase1>
<proposals>
<entry mode="MM" dhgroup="dh2" authmethod="X.509"/>
</proposals>
</phase1>
<phase2>
<proposals>
<entry pfsgroup="off"/>
</proposals>
<networks>
<entry network="192.168.0.0" mask="255.255.255.0"/>
</networks>
</phase2>
</policies>
</profile>
###########Syslog shows:
Dec 1 07:48:04 linux-tq04 racoon: DEBUG: configuring default isakmp port.
Dec 1 07:48:04 linux-tq04 racoon: NOTIFY: NAT-T is enabled, autoconfiguring ports
Dec 1 07:48:04 linux-tq04 racoon: DEBUG: 6 addrs are configured successfully
Dec 1 07:48:04 linux-tq04 racoon: INFO: 127.0.0.1[500] used as isakmp port (fd=8)
Dec 1 07:48:04 linux-tq04 racoon: INFO: 127.0.0.1[500] used for NAT-T
Dec 1 07:48:04 linux-tq04 racoon: INFO: 127.0.0.1[4500] used as isakmp port (fd=9)
Dec 1 07:48:04 linux-tq04 racoon: INFO: 127.0.0.1[4500] used for NAT-T
Dec 1 07:48:04 linux-tq04 racoon: INFO: 127.0.0.2[500] used as isakmp port (fd=10)
Dec 1 07:48:04 linux-tq04 racoon: INFO: 127.0.0.2[500] used for NAT-T
Dec 1 07:48:04 linux-tq04 racoon: INFO: 127.0.0.2[4500] used as isakmp port (fd=11)
Dec 1 07:48:04 linux-tq04 racoon: INFO: 127.0.0.2[4500] used for NAT-T
Dec 1 07:48:04 linux-tq04 racoon: INFO: 85.131.96.167[500] used as isakmp port (fd=12)
Dec 1 07:48:04 linux-tq04 racoon: INFO: 85.131.96.167[500] used for NAT-T
Dec 1 07:48:04 linux-tq04 racoon: INFO: 85.131.96.167[4500] used as isakmp port (fd=13)
Dec 1 07:48:04 linux-tq04 racoon: INFO: 85.131.96.167[4500] used for NAT-T
Dec 1 07:48:04 linux-tq04 kernel: racoon[3930] general protection ip:7f714f9c8d30 sp:7fff58513ba8 error:0 in libc-2.8.so[7f714f94b000+14f000]
########### .turpike/log.txt shows:
2008-12-01 07:47:54: INFO: Novell VPN Client for Linux GUI Startup ....
2008-12-01 07:48:04: INFO: server_ip_addr = 84.253.213.7
, source_ip = 85.131.96.167
2008-12-01 07:48:04: INFO: Successfully sent message type 305 to admin port
2008-12-01 07:48:04: INFO: peek length = 8, Peeked length = 8
2008-12-01 07:48:04: INFO: Received Length= 8
2008-12-01 07:48:04: INFO: The Received Buffer length is 8 ...
2008-12-01 07:48:04: INFO: Successfully sent message type 303 to admin port
2008-12-01 07:48:04: WARNING: Connection closed. May be server closed this connection!
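For triage of the kernel line quoted in the report, the following added example (not part of the original report or of racoon/turnpike) rejoins wrapped syslog records, parses the "general protection" record, and turns the faulting instruction pointer into an offset inside libc-2.8.so. The function names and the debug-file path are hypothetical, and the offset is only meaningful for symbol lookup under the assumption that the mapping shown is the library's first segment, mapped from file offset 0.

```python
import re

# Constructed sample: two records copied from the report, the second still wrapped.
SAMPLE = """\
Dec 1 07:48:04 linux-tq04 racoon: INFO: 85.131.96.167[4500] used for NAT-T
Dec 1 07:48:04 linux-tq04 kernel: racoon[3930] general protection
ip:7f714f9c8d30 sp:7fff58513ba8 error:0 in libc-2.8.so[7f714f94b000+14f000]
"""

TS_RE = re.compile(r"[A-Z][a-z]{2} +\d+ \d\d:\d\d:\d\d ")
# Matches only the record format shown in the report.
FAULT_RE = re.compile(
    r"kernel: (?P<comm>\S+?)\[(?P<pid>\d+)\] general protection "
    r"ip:(?P<ip>[0-9a-f]+) sp:(?P<sp>[0-9a-f]+) error:(?P<err>[0-9a-f]+)"
    r"(?: in (?P<module>\S+?)\[(?P<base>[0-9a-f]+)\+(?P<size>[0-9a-f]+)\])?"
)

def unwrap(text):
    """Rejoin records that mail wrapping split: a line without a syslog
    timestamp is treated as the continuation of the previous record."""
    records = []
    for line in text.splitlines():
        if records and not TS_RE.match(line):
            records[-1] += " " + line.strip()
        else:
            records.append(line.rstrip())
    return records

def find_faults(text):
    """Return one dict per general-protection record found in the log text."""
    faults = []
    for record in unwrap(text):
        m = FAULT_RE.search(record)
        if m is None:
            continue
        fault = {"comm": m["comm"], "pid": int(m["pid"]), "ip": int(m["ip"], 16),
                 "module": m["module"], "offset": None}
        if m["module"]:
            offset = fault["ip"] - int(m["base"], 16)
            # Trust the offset only if ip really lies inside the reported mapping.
            if 0 <= offset < int(m["size"], 16):
                fault["offset"] = offset
        faults.append(fault)
    return faults

def symbolize_hint(fault, debug_dir="/path/to/debuginfo"):
    """Build an addr2line command line; debug_dir is a placeholder path."""
    if fault["offset"] is None:
        return None
    return "addr2line -f -e %s/%s 0x%x" % (debug_dir, fault["module"], fault["offset"])

if __name__ == "__main__":
    for f in find_faults(SAMPLE):
        print(f["comm"], f["pid"], f["module"], symbolize_hint(f))
```
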