SYSTEM WARNING: 'date_default_timezone_get(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected the timezone 'UTC' for now, but please set date.timezone to select your timezone.' in '/usr/share/mantis/www/core.php' line 264
|Anonymous | Login||2020-07-08 23:17 UTC|
|Main | My View | View Issues | Change Log | Roadmap|
|View Issue Details|
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0001359||Endian Firewall||Other Services||public||2008-10-08 10:53||2010-05-26 17:12|
|Target Version||2.4||Fixed in Version|
|Summary||0001359: IPSEC 2.2 crashes system|
|Description||we are currently running Endian 2.1 and we have 4 IPSEC VPN tunnels set up between the endian box and SonicWall products. Everything works perfectly. |
We have tried updated Endian to version 2.2 RC3. The same tunnels get created and connected. However when traffic starts going through any of the tunnels, the computer crashes. In RC2 there was just some gibberish text running on the screen. In RC3 there is a text output on the screen - see the picture attached.
|Tags||No tags attached.|
|Attached Files||Imag058.jpg [^] (638,469 bytes) 2008-10-08 10:53|
what kind of uplink do you have, ethernet static, PPPOE?
Does this always happen? As soon as the ipsec tunnel gets up?
|Endian Firewall is very poor - isnt it?|
> Endian Firewall is very poor - isnt it?
Or the reporter's hardware.
Analytic skills is not your strong point, is it, Endianer?
We have a static IP address. The tunnel gets up ok. It only crashes when we initiate a connection over the tunnel.
thanks for the info. That rules out an older bug we've seen.
I'd say this is a bug in the linux kernel we haven't seen before. Right
now I don't have a solution for you, but It would be great if you could leave
some information about your hardware here, so we can see if others
report the same problem.
Could you post the output of lspci?
Let me just point out that this works on Endian 2.1 on the same hardware. The machine is an IBM® Eserver 325 Type 8835 W11. Here is the output of the lspci:
00:06.0 PCI bridge: Advanced Micro Devices [AMD] AMD-8111 PCI (rev 07)
00:07.0 ISA bridge: Advanced Micro Devices [AMD] AMD-8111 LPC (rev 05)
00:07.1 IDE interface: Advanced Micro Devices [AMD] AMD-8111 IDE (rev 03)
00:07.3 Bridge: Advanced Micro Devices [AMD] AMD-8111 ACPI (rev 05)
00:0a.0 PCI bridge: Advanced Micro Devices [AMD] AMD-8131 PCI-X Bridge (rev 12)
00:0a.1 PIC: Advanced Micro Devices [AMD] AMD-8131 PCI-X IOAPIC (rev 01)
00:0b.0 PCI bridge: Advanced Micro Devices [AMD] AMD-8131 PCI-X Bridge (rev 12)
00:0b.1 PIC: Advanced Micro Devices [AMD] AMD-8131 PCI-X IOAPIC (rev 01)
00:18.0 Host bridge: Advanced Micro Devices [AMD] K8 [Athlon64/Opteron] HyperTra nsport Technology Configuration
00:18.1 Host bridge: Advanced Micro Devices [AMD] K8 [Athlon64/Opteron] Address Map
00:18.2 Host bridge: Advanced Micro Devices [AMD] K8 [Athlon64/Opteron] DRAM Con troller
00:18.3 Host bridge: Advanced Micro Devices [AMD] K8 [Athlon64/Opteron] Miscella neous Control
00:19.0 Host bridge: Advanced Micro Devices [AMD] K8 [Athlon64/Opteron] HyperTra nsport Technology Configuration
00:19.1 Host bridge: Advanced Micro Devices [AMD] K8 [Athlon64/Opteron] Address Map
00:19.2 Host bridge: Advanced Micro Devices [AMD] K8 [Athlon64/Opteron] DRAM Con troller
00:19.3 Host bridge: Advanced Micro Devices [AMD] K8 [Athlon64/Opteron] Miscella neous Control
01:00.0 USB Controller: Advanced Micro Devices [AMD] AMD-8111 USB (rev 0b)
01:00.1 USB Controller: Advanced Micro Devices [AMD] AMD-8111 USB (rev 0b)
01:05.0 VGA compatible controller: ATI Technologies Inc Rage XL (rev 27)
02:01.0 Ethernet controller: Broadcom Corporation NetXtreme BCM5704 Gigabit Ethe rnet (rev 03)
02:01.1 Ethernet controller: Broadcom Corporation NetXtreme BCM5704 Gigabit Ethe rnet (rev 03)
03:03.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL-8169 Gigabit Et hernet (rev 10)
I have the EXACT same problem.
In my case, it was an IPSEC PSK tunnel from my end (RC3) to a friends end (2.1.2).
Everything is set up just fine, but as soon as traffic passes over the tunnel, a crash happens within minutes on my end only...
I have DHCP addresses, but they are "static" DHCP addresses.
Running on VMware 1.0.8 (Windows Host) with 512 MB RAM and 3 networkcards, where 2 are Red (Public) and 1 is Green (Private)...
OH, I forgot to mention:
We have tried alot of different P1 and P2 algorithms and encryption schemes - same result...
And correct me if I'm wrong, but isn't there 3 virtual interfaces used for IPSEC by default when you start the IPSEC service? If so, I'd think this would be a good place to start looking (since this seems to be HW related...
Do you have "Negotiate payload compression" active?
That option may cause some problems.
in order to fix this we need to upgrade openswan, which needs a kernel upgrade
that takes some time, we are working on it.
It's January 30th and this issue is still present. Any time table for a fix?
|kernel upgrade is on our schedule for next regular version (0001633:0002010-Q2)|
|should be resolved in version 2.4|
|2008-10-08 10:53||mdraghici||New Issue|
|2008-10-08 10:53||mdraghici||File Added: Imag058.jpg|
|2008-10-08 11:02||chris-endian||Note Added: 0001666|
|2008-10-08 12:15||p-klaas||Note Added: 0001667|
|2008-10-08 13:22||chris-endian||Note Added: 0001668|
|2008-10-08 13:31||mdraghici||Note Added: 0001669|
|2008-10-08 14:15||chris-endian||Note Added: 0001674|
|2008-10-08 14:36||mdraghici||Note Added: 0001675|
|2009-01-14 08:24||Cruzifixion||Note Added: 0001918|
|2009-01-14 08:37||Cruzifixion||Note Added: 0001920|
|2009-05-05 13:50||luca-endian||Note Added: 0002251|
|2009-05-05 13:52||luca-endian||Relationship added||related to 0001380|
|2009-05-05 13:53||luca-endian||Relationship added||has duplicate 0001529|
|2009-05-11 10:17||peter-endian||Relationship deleted||related to 0001380|
|2009-05-11 10:17||peter-endian||Relationship added||has duplicate 0001380|
|2009-05-11 10:17||peter-endian||Relationship added||has duplicate 0001820|
|2009-05-11 10:19||peter-endian||Relationship added||duplicate of 0001649|
|2009-05-11 14:13||peter-endian||Note Added: 0002313|
|2009-05-11 14:14||peter-endian||Status||new => confirmed|
|2009-05-27 10:15||peter-endian||Relationship added||related to 0001828|
|2009-06-10 13:10||peter-endian||Relationship added||child of 0001935|
|2010-01-21 18:03||peter-endian||Target Version||=> codename: angry armadillo|
|2010-01-30 04:42||kevinbillingsley||Note Added: 0003725|
|2010-02-01 17:01||peter-endian||Note Added: 0003730|
|2010-02-11 10:29||peter-endian||Relationship added||has duplicate 0002665|
|2010-02-22 11:01||peter-endian||Relationship added||has duplicate 0002705|
|2010-03-09 18:22||peter-endian||Relationship added||has duplicate 0002759|
|2010-05-26 17:12||christian-endian||Note Added: 0004265|
|2010-05-26 17:12||christian-endian||Status||confirmed => closed|
|2010-05-26 17:12||christian-endian||Resolution||open => fixed|
|Copyright © 2000 - 2012 MantisBT Group|