SYSTEM WARNING: 'date_default_timezone_get(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected the timezone 'UTC' for now, but please set date.timezone to select your timezone.' in '/usr/share/mantis/www/core.php' line 264

0002759: Ipsec crashes system - MantisBT
MantisBT - Endian Firewall
View Issue Details
0002759Endian FirewallNetwork related (VPN, uplinks)public2010-03-09 15:362010-09-23 16:06
Jump 
 
normalcrashalways
closedsuspended 
2.2 
 
0002759: Ipsec crashes system
Since using 6 ipsec-tunnels to remote sites, after about 20-30 minutes, endian hangs and can only be hard-reseted. This behaviour was not seen before activating ipsec. Ipsec is configured with no debug flags active and only one option in ike (1536). We are forced to use ipsec, because remote offices systems are only able to vpn with ipsec(zywall usg 100). We checked: Ram, CPU, Disks (even replaced them), but with no success.
Highly possible, that this is related to ID 0001359.
Is there a releif or fix in reach?
Attached, you will find an excerpt of the dump posted by the kernel. Also, here is the lscpi:
00:00.0 Host bridge: Intel Corporation 82G33/G31/P35/P31 Express DRAM Controller (rev 02)
00:02.0 VGA compatible controller: Intel Corporation 82G33/G31 Express Integrated Graphics Controller (rev 02)
00:1a.0 USB Controller: Intel Corporation 82801I (ICH9 Family) USB UHCI Controller 0000004 (rev 02)
00:1a.1 USB Controller: Intel Corporation 82801I (ICH9 Family) USB UHCI Controller #5 (rev 02)
00:1a.2 USB Controller: Intel Corporation 82801I (ICH9 Family) USB UHCI Controller #6 (rev 02)
00:1a.7 USB Controller: Intel Corporation 82801I (ICH9 Family) USB2 EHCI Controller 0000002 (rev 02)
00:1c.0 PCI bridge: Intel Corporation 82801I (ICH9 Family) PCI Express Port 1 (rev 02)
00:1c.4 PCI bridge: Intel Corporation 82801I (ICH9 Family) PCI Express Port 5 (rev 02)
00:1d.0 USB Controller: Intel Corporation 82801I (ICH9 Family) USB UHCI Controller 0000001 (rev 02)
00:1d.1 USB Controller: Intel Corporation 82801I (ICH9 Family) USB UHCI Controller 0000002 (rev 02)
00:1d.2 USB Controller: Intel Corporation 82801I (ICH9 Family) USB UHCI Controller 0000003 (rev 02)
00:1d.7 USB Controller: Intel Corporation 82801I (ICH9 Family) USB2 EHCI Controller 0000001 (rev 02)
00:1e.0 PCI bridge: Intel Corporation 82801 PCI Bridge (rev 92)
00:1f.0 ISA bridge: Intel Corporation 82801IB (ICH9) LPC Interface Controller (rev 02)
00:1f.2 IDE interface: Intel Corporation 82801IB (ICH9) 2 port SATA IDE Controller (rev 02)
00:1f.3 SMBus: Intel Corporation 82801I (ICH9 Family) SMBus Controller (rev 02)
00:1f.5 IDE interface: Intel Corporation 82801I (ICH9 Family) 2 port SATA IDE Controller (rev 02)
02:00.0 PCI bridge: Integrated Device Technology, Inc. Unknown device 8018 (rev 04)
03:00.0 PCI bridge: Integrated Device Technology, Inc. Unknown device 8018 (rev 04)
03:01.0 PCI bridge: Integrated Device Technology, Inc. Unknown device 8018 (rev 04)
04:00.0 Ethernet controller: Intel Corporation 82571EB Gigabit Ethernet Controller (rev 06)
04:00.1 Ethernet controller: Intel Corporation 82571EB Gigabit Ethernet Controller (rev 06)
05:00.0 Ethernet controller: Intel Corporation 82571EB Gigabit Ethernet Controller (rev 06)
05:00.1 Ethernet controller: Intel Corporation 82571EB Gigabit Ethernet Controller (rev 06)
No tags attached.
duplicate of 0001359closed  IPSEC 2.2 crashes system 
txt messages.txt (31,480) 2010-03-09 15:36
https://bugs.endian.com/file_download.php?file_id=363&type=bug
Issue History
2010-03-09 15:36JumpNew Issue
2010-03-09 15:36JumpFile Added: messages.txt
2010-03-09 18:22peter-endianRelationship addedduplicate of 0001359
2010-03-09 18:28peter-endianNote Added: 0004001
2010-03-09 18:28peter-endianStatusnew => confirmed
2010-03-10 14:44SimonSNote Added: 0004011
2010-06-07 13:38peter-endianNote Added: 0004409
2010-06-07 13:38peter-endianStatusconfirmed => feedback
2010-06-07 14:01JumpNote Added: 0004414
2010-09-23 16:06peter-endianStatusfeedback => closed
2010-09-23 16:06peter-endianResolutionopen => suspended

Notes
(0004001)
peter-endian   
2010-03-09 18:28   
may be the same as 0002759. hard to say
0002759 seems to happen only when remote accesses the firewalls green ip

however, we are working on the kernel upgrade which is needed for the openswan upgrade which should fix this. comes with next version (2010 Q2)
(0004011)
SimonS   
2010-03-10 14:44   
This would be codename Angry armadillo? Is there any fixed date on this, because
customer heavily relies on this, debugging is hard, workaround not available (except replacement through another vendor/product)? I know, that this is not the right "forum" for posting this but: this has turned into a major disgrace to me to use ipsec and then run into the crashes; i know, neither of us (you and me) can be made responsible, but its very annoying nevertheless.
regards - jump
(0004409)
peter-endian   
2010-06-07 13:38   
can you try with 2.4? this issue should be fixed there.
(0004414)
Jump   
2010-06-07 14:01   
We will have to wait until a maint-window for this to happen. Cannot say, when this will happen then. rgs.