0001359: IPSEC 2.2 crashes system - MantisBT
MantisBT - Endian Firewall
View Issue Details
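ID: 0001359
Project: Endian Firewall
Category: Other Services
View Status: public
Date Submitted: 2008-10-08 10:53
Last Update: 2010-05-26 17:12
Reporter: mdraghici
Priority: normal
Severity: crash
Reproducibility: always
Status: closed
Resolution: fixed
Product Version: 2.2-rc2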
2.4 
0001359: IPSEC 2.2 crashes system
We are currently running Endian 2.1 and we have 4 IPSEC VPN tunnels set up between the Endian box and SonicWall products. Everything works perfectly.

We have tried updating Endian to version 2.2 RC3. The same tunnels get created and connected. However, when traffic starts going through any of the tunnels, the computer crashes. In RC2 there was just some gibberish text running on the screen. In RC3 there is a text output on the screen - see the picture attached.
No tags attached.
duplicate of 0001649 | closed | peter-endian | Endian Firewall | When accessing web interface on green over Ipsec VPN locks up Endian
has duplicate 0001529 | closed | peter-endian | Endian Firewall | IPSEC Crashes whole Machine
has duplicate 0001820 | closed | peter-endian | Endian Firewall | Remote web access through an ipsec vpn crash the firewall
has duplicate 0002665 | closed | | Endian Firewall | VPN to farend Netgear, once traffic routes over link, Endian server halts - no console response
has duplicate 0002705 | closed | | Endian Firewall | IPSEC (pluto) causes kernel panics
has duplicate 0002759 | closed | | Endian Firewall | Ipsec crashes system
child of 0001935 | confirmed | peter-endian | Endian Firewall | issues to fix with ipsec (openswan)
jpg Imag058.jpg (638,469) 2008-10-08 10:53
https://bugs.endian.com/file_download.php?file_id=183&type=bug
Issue History
2008-10-08 10:53 | mdraghici | New Issue
2008-10-08 10:53 | mdraghici | File Added: Imag058.jpg
2008-10-08 11:02 | chris-endian | Note Added: 0001666
2008-10-08 12:15 | p-klaas | Note Added: 0001667
2008-10-08 13:22 | chris-endian | Note Added: 0001668
2008-10-08 13:31 | mdraghici | Note Added: 0001669
2008-10-08 14:15 | chris-endian | Note Added: 0001674
2008-10-08 14:36 | mdraghici | Note Added: 0001675
2009-01-14 08:24 | Cruzifixion | Note Added: 0001918
2009-01-14 08:37 | Cruzifixion | Note Added: 0001920
2009-05-05 13:50 | luca-endian | Note Added: 0002251
2009-05-05 13:52 | luca-endian | Relationship added | related to 0001380
2009-05-05 13:53 | luca-endian | Relationship added | has duplicate 0001529
2009-05-11 10:17 | peter-endian | Relationship deleted | related to 0001380
2009-05-11 10:17 | peter-endian | Relationship added | has duplicate 0001380
2009-05-11 10:17 | peter-endian | Relationship added | has duplicate 0001820
2009-05-11 10:19 | peter-endian | Relationship added | duplicate of 0001649
2009-05-11 14:13 | peter-endian | Note Added: 0002313
2009-05-11 14:14 | peter-endian | Status | new => confirmed
2009-05-27 10:15 | peter-endian | Relationship added | related to 0001828
2009-06-10 13:10 | peter-endian | Relationship added | child of 0001935
2010-01-21 18:03 | peter-endian | Target Version | => codename: angry armadillo
2010-01-30 04:42 | kevinbillingsley | Note Added: 0003725
2010-02-01 17:01 | peter-endian | Note Added: 0003730
2010-02-11 10:29 | peter-endian | Relationship added | has duplicate 0002665
2010-02-22 11:01 | peter-endian | Relationship added | has duplicate 0002705
2010-03-09 18:22 | peter-endian | Relationship added | has duplicate 0002759
2010-05-26 17:12 | christian-endian | Note Added: 0004265
2010-05-26 17:12 | christian-endian | Status | confirmed => closed
2010-05-26 17:12 | christian-endian | Resolution | open => fixed

Notes
(0001666)
chris-endian   
2008-10-08 11:02   
Hi,

What kind of uplink do you have, ethernet static, PPPOE?

Does this always happen? As soon as the ipsec tunnel gets up?

Bye,
Chris.
(0001667)
p-klaas   
2008-10-08 12:15   
Endian Firewall is very poor - isn't it?
(0001668)
chris-endian   
2008-10-08 13:22   
> Endian Firewall is very poor - isn't it?

Or the reporter's hardware.

Analytic skills are not your strong point, are they, Endianer?

Chris.
(0001669)
mdraghici   
2008-10-08 13:31   
Chris,

We have a static IP address. The tunnel gets up ok. It only crashes when we initiate a connection over the tunnel.

Thank you

~mircea
(0001674)
chris-endian   
2008-10-08 14:15   
Mircea,

Thanks for the info. That rules out an older bug we've seen.

I'd say this is a bug in the Linux kernel we haven't seen before. Right
now I don't have a solution for you, but it would be great if you could leave
some information about your hardware here, so we can see if others
report the same problem.

Could you post the output of lspci?

Bye,
Chris.
(0001675)
mdraghici   
2008-10-08 14:36   
Chris,

Let me just point out that this works on Endian 2.1 on the same hardware. The machine is an IBM® Eserver 325 Type 8835 W11. Here is the output of lspci:

00:06.0 PCI bridge: Advanced Micro Devices [AMD] AMD-8111 PCI (rev 07)
00:07.0 ISA bridge: Advanced Micro Devices [AMD] AMD-8111 LPC (rev 05)
00:07.1 IDE interface: Advanced Micro Devices [AMD] AMD-8111 IDE (rev 03)
00:07.3 Bridge: Advanced Micro Devices [AMD] AMD-8111 ACPI (rev 05)
00:0a.0 PCI bridge: Advanced Micro Devices [AMD] AMD-8131 PCI-X Bridge (rev 12)
00:0a.1 PIC: Advanced Micro Devices [AMD] AMD-8131 PCI-X IOAPIC (rev 01)
00:0b.0 PCI bridge: Advanced Micro Devices [AMD] AMD-8131 PCI-X Bridge (rev 12)
00:0b.1 PIC: Advanced Micro Devices [AMD] AMD-8131 PCI-X IOAPIC (rev 01)
00:18.0 Host bridge: Advanced Micro Devices [AMD] K8 [Athlon64/Opteron] HyperTransport Technology Configuration
00:18.1 Host bridge: Advanced Micro Devices [AMD] K8 [Athlon64/Opteron] Address Map
00:18.2 Host bridge: Advanced Micro Devices [AMD] K8 [Athlon64/Opteron] DRAM Controller
00:18.3 Host bridge: Advanced Micro Devices [AMD] K8 [Athlon64/Opteron] Miscellaneous Control
00:19.0 Host bridge: Advanced Micro Devices [AMD] K8 [Athlon64/Opteron] HyperTransport Technology Configuration
00:19.1 Host bridge: Advanced Micro Devices [AMD] K8 [Athlon64/Opteron] Address Map
00:19.2 Host bridge: Advanced Micro Devices [AMD] K8 [Athlon64/Opteron] DRAM Controller
00:19.3 Host bridge: Advanced Micro Devices [AMD] K8 [Athlon64/Opteron] Miscellaneous Control
01:00.0 USB Controller: Advanced Micro Devices [AMD] AMD-8111 USB (rev 0b)
01:00.1 USB Controller: Advanced Micro Devices [AMD] AMD-8111 USB (rev 0b)
01:05.0 VGA compatible controller: ATI Technologies Inc Rage XL (rev 27)
02:01.0 Ethernet controller: Broadcom Corporation NetXtreme BCM5704 Gigabit Ethernet (rev 03)
02:01.1 Ethernet controller: Broadcom Corporation NetXtreme BCM5704 Gigabit Ethernet (rev 03)
03:03.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL-8169 Gigabit Ethernet (rev 10)
(0001918)
Cruzifixion   
2009-01-14 08:24   
I have the EXACT same problem.
In my case, it was an IPSEC PSK tunnel from my end (RC3) to a friend's end (2.1.2).

Everything is set up just fine, but as soon as traffic passes over the tunnel, a crash happens within minutes on my end only...

I have DHCP addresses, but they are "static" DHCP addresses.
Running on VMware 1.0.8 (Windows Host) with 512 MB RAM and 3 network cards, where 2 are Red (Public) and 1 is Green (Private)...
(0001920)
Cruzifixion   
2009-01-14 08:37   
OH, I forgot to mention:
We have tried a lot of different P1 and P2 algorithms and encryption schemes - same result...

And correct me if I'm wrong, but aren't there 3 virtual interfaces used for IPSEC by default when you start the IPSEC service? If so, I'd think this would be a good place to start looking (since this seems to be HW related)...
(0002251)
luca-endian   
2009-05-05 13:50   
Do you have "Negotiate payload compression" active?
That option may cause some problems.
(0002313)
peter-endian   
2009-05-11 14:13   
In order to fix this we need to upgrade openswan, which needs a kernel upgrade
that takes some time, we are working on it.
(0003725)
kevinbillingsley   
2010-01-30 04:42   
It's January 30th and this issue is still present. Any timetable for a fix?

Kevin
(0003730)
peter-endian   
2010-02-01 17:01   
Kernel upgrade is on our schedule for next regular version (0001633:0002010-Q2)
(0004265)
christian-endian   
2010-05-26 17:12   
Should be resolved in version 2.4.