SYSTEM WARNING: 'date_default_timezone_get(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected the timezone 'UTC' for now, but please set date.timezone to select your timezone.' in '/usr/share/mantis/www/core.php' line 264

0001359: IPSEC 2.2 crashes system - MantisBT Endian Bugtracker
Endian Issue Tracker





Please see now our new Bugtracker system: JIRA








View Issue Details Jump to Notes ] Issue History ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0001359Endian FirewallOther Servicespublic2008-10-08 10:532010-05-26 17:12
Reportermdraghici 
Assigned To 
PrioritynormalSeveritycrashReproducibilityalways
StatusclosedResolutionfixed 
PlatformOSOS Version
Product Version2.2-rc2 
Target Version2.4Fixed in Version 
Summary0001359: IPSEC 2.2 crashes system
Descriptionwe are currently running Endian 2.1 and we have 4 IPSEC VPN tunnels set up between the endian box and SonicWall products. Everything works perfectly.

We have tried updated Endian to version 2.2 RC3. The same tunnels get created and connected. However when traffic starts going through any of the tunnels, the computer crashes. In RC2 there was just some gibberish text running on the screen. In RC3 there is a text output on the screen - see the picture attached.
TagsNo tags attached.
Attached Filesjpg file icon Imag058.jpg [^] (638,469 bytes) 2008-10-08 10:53

- Relationships
duplicate of 0001649closedpeter-endian Endian Firewall When accessing web interface on green over Ipsec VPN locks up Endian 
has duplicate 0001529closedpeter-endian Endian Firewall IPSEC Crashes whole Machine 
has duplicate 0001820closedpeter-endian Endian Firewall Remote web access through an ipsec vpn crash the firewall 
has duplicate 0002665closed Endian Firewall VPN to farend Netgear, once traffic routes over link, Endian server halts - no console response 
has duplicate 0002705closed Endian Firewall IPSEC (pluto) causes kernel panics 
has duplicate 0002759closed Endian Firewall Ipsec crashes system 
child of 0001935confirmedpeter-endian Endian Firewall issues to fix with ipsec (openswan) 

-  Notes
(0001666)
chris-endian (reporter)
2008-10-08 11:02

Hi,

what kind of uplink do you have, ethernet static, PPPOE?

Does this always happen? As soon as the ipsec tunnel gets up?

Bye,
Chris.
(0001667)
p-klaas (reporter)
2008-10-08 12:15

Endian Firewall is very poor - isnt it?
(0001668)
chris-endian (reporter)
2008-10-08 13:22

> Endian Firewall is very poor - isnt it?

Or the reporter's hardware.

Analytic skills is not your strong point, is it, Endianer?

Chris.
(0001669)
mdraghici (reporter)
2008-10-08 13:31

Chris,

We have a static IP address. The tunnel gets up ok. It only crashes when we initiate a connection over the tunnel.

thank you

~mircea
(0001674)
chris-endian (reporter)
2008-10-08 14:15

Mircea,

thanks for the info. That rules out an older bug we've seen.

I'd say this is a bug in the linux kernel we haven't seen before. Right
now I don't have a solution for you, but It would be great if you could leave
some information about your hardware here, so we can see if others
report the same problem.

Could you post the output of lspci?

Bye,
Chris.
(0001675)
mdraghici (reporter)
2008-10-08 14:36

Chris,

Let me just point out that this works on Endian 2.1 on the same hardware. The machine is an IBM® Eserver 325 Type 8835 W11. Here is the output of the lspci:

00:06.0 PCI bridge: Advanced Micro Devices [AMD] AMD-8111 PCI (rev 07)
00:07.0 ISA bridge: Advanced Micro Devices [AMD] AMD-8111 LPC (rev 05)
00:07.1 IDE interface: Advanced Micro Devices [AMD] AMD-8111 IDE (rev 03)
00:07.3 Bridge: Advanced Micro Devices [AMD] AMD-8111 ACPI (rev 05)
00:0a.0 PCI bridge: Advanced Micro Devices [AMD] AMD-8131 PCI-X Bridge (rev 12)
00:0a.1 PIC: Advanced Micro Devices [AMD] AMD-8131 PCI-X IOAPIC (rev 01)
00:0b.0 PCI bridge: Advanced Micro Devices [AMD] AMD-8131 PCI-X Bridge (rev 12)
00:0b.1 PIC: Advanced Micro Devices [AMD] AMD-8131 PCI-X IOAPIC (rev 01)
00:18.0 Host bridge: Advanced Micro Devices [AMD] K8 [Athlon64/Opteron] HyperTra nsport Technology Configuration
00:18.1 Host bridge: Advanced Micro Devices [AMD] K8 [Athlon64/Opteron] Address Map
00:18.2 Host bridge: Advanced Micro Devices [AMD] K8 [Athlon64/Opteron] DRAM Con troller
00:18.3 Host bridge: Advanced Micro Devices [AMD] K8 [Athlon64/Opteron] Miscella neous Control
00:19.0 Host bridge: Advanced Micro Devices [AMD] K8 [Athlon64/Opteron] HyperTra nsport Technology Configuration
00:19.1 Host bridge: Advanced Micro Devices [AMD] K8 [Athlon64/Opteron] Address Map
00:19.2 Host bridge: Advanced Micro Devices [AMD] K8 [Athlon64/Opteron] DRAM Con troller
00:19.3 Host bridge: Advanced Micro Devices [AMD] K8 [Athlon64/Opteron] Miscella neous Control
01:00.0 USB Controller: Advanced Micro Devices [AMD] AMD-8111 USB (rev 0b)
01:00.1 USB Controller: Advanced Micro Devices [AMD] AMD-8111 USB (rev 0b)
01:05.0 VGA compatible controller: ATI Technologies Inc Rage XL (rev 27)
02:01.0 Ethernet controller: Broadcom Corporation NetXtreme BCM5704 Gigabit Ethe rnet (rev 03)
02:01.1 Ethernet controller: Broadcom Corporation NetXtreme BCM5704 Gigabit Ethe rnet (rev 03)
03:03.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL-8169 Gigabit Et hernet (rev 10)
(0001918)
Cruzifixion (reporter)
2009-01-14 08:24

I have the EXACT same problem.
In my case, it was an IPSEC PSK tunnel from my end (RC3) to a friends end (2.1.2).

Everything is set up just fine, but as soon as traffic passes over the tunnel, a crash happens within minutes on my end only...

I have DHCP addresses, but they are "static" DHCP addresses.
Running on VMware 1.0.8 (Windows Host) with 512 MB RAM and 3 networkcards, where 2 are Red (Public) and 1 is Green (Private)...
(0001920)
Cruzifixion (reporter)
2009-01-14 08:37

OH, I forgot to mention:
We have tried alot of different P1 and P2 algorithms and encryption schemes - same result...

And correct me if I'm wrong, but isn't there 3 virtual interfaces used for IPSEC by default when you start the IPSEC service? If so, I'd think this would be a good place to start looking (since this seems to be HW related...
(0002251)
luca-endian (developer)
2009-05-05 13:50

Do you have "Negotiate payload compression" active?
That option may cause some problems.
(0002313)
peter-endian (administrator)
2009-05-11 14:13

in order to fix this we need to upgrade openswan, which needs a kernel upgrade
that takes some time, we are working on it.
(0003725)
kevinbillingsley (reporter)
2010-01-30 04:42

It's January 30th and this issue is still present. Any time table for a fix?

Kevin
(0003730)
peter-endian (administrator)
2010-02-01 17:01

kernel upgrade is on our schedule for next regular version (0001633:0002010-Q2)
(0004265)
christian-endian (administrator)
2010-05-26 17:12

should be resolved in version 2.4

- Issue History
Date Modified Username Field Change
2008-10-08 10:53 mdraghici New Issue
2008-10-08 10:53 mdraghici File Added: Imag058.jpg
2008-10-08 11:02 chris-endian Note Added: 0001666
2008-10-08 12:15 p-klaas Note Added: 0001667
2008-10-08 13:22 chris-endian Note Added: 0001668
2008-10-08 13:31 mdraghici Note Added: 0001669
2008-10-08 14:15 chris-endian Note Added: 0001674
2008-10-08 14:36 mdraghici Note Added: 0001675
2009-01-14 08:24 Cruzifixion Note Added: 0001918
2009-01-14 08:37 Cruzifixion Note Added: 0001920
2009-05-05 13:50 luca-endian Note Added: 0002251
2009-05-05 13:52 luca-endian Relationship added related to 0001380
2009-05-05 13:53 luca-endian Relationship added has duplicate 0001529
2009-05-11 10:17 peter-endian Relationship deleted related to 0001380
2009-05-11 10:17 peter-endian Relationship added has duplicate 0001380
2009-05-11 10:17 peter-endian Relationship added has duplicate 0001820
2009-05-11 10:19 peter-endian Relationship added duplicate of 0001649
2009-05-11 14:13 peter-endian Note Added: 0002313
2009-05-11 14:14 peter-endian Status new => confirmed
2009-05-27 10:15 peter-endian Relationship added related to 0001828
2009-06-10 13:10 peter-endian Relationship added child of 0001935
2010-01-21 18:03 peter-endian Target Version => codename: angry armadillo
2010-01-30 04:42 kevinbillingsley Note Added: 0003725
2010-02-01 17:01 peter-endian Note Added: 0003730
2010-02-11 10:29 peter-endian Relationship added has duplicate 0002665
2010-02-22 11:01 peter-endian Relationship added has duplicate 0002705
2010-03-09 18:22 peter-endian Relationship added has duplicate 0002759
2010-05-26 17:12 christian-endian Note Added: 0004265
2010-05-26 17:12 christian-endian Status confirmed => closed
2010-05-26 17:12 christian-endian Resolution open => fixed

Copyright © 2005-2008 Endian, SRL. All rights reserved.


Copyright © 2000 - 2012 MantisBT Group
Powered by Mantis Bugtracker