IPSec Segfaults with RSA+Xauth (works fine with PSK+Xauth) on i386 :-/

seattle-it · Nov 21, 2012, 3:44 AM

This one is beyond me.. racoon segfaults every time the client sends back the XAUTH_USER_NAME and XAUTH_USER_PASSWORD when using RSA+Xauth. It does a core dump and game over. Everything is fine with PSK+Xauth.

Nov 20 19:52:20 pf racoon: 2012-11-19 20:52:20: DEBUG: Attribute XAUTH_USER_NAME, len 9
Nov 20 19:52:20 pf racoon: 2012-11-19 20:52:20: DEBUG: Attribute XAUTH_USER_PASSWORD, len 14
Nov 20 19:52:20 pf racoon: 2012-11-19 20:52:20: INFO: Using port 0

There's nothing useful when running it verbose with -D from the cli either. Anyone else experiencing this?

Running 2.1-BETA0 (i386) from yesterday (same behavior from a September beta fwiw).

jimp · Nov 21, 2012, 1:38 PM

We've had at least one other report of that, but so far haven't been able to reproduce it here. The other person is actually seeing it crash with PSK+Xauth and not RSA.

Mellowlynx · Nov 22, 2012, 12:27 AM

@jimp:

The other person is actually seeing it crash with PSK+Xauth and not RSA.

+1 for me, just noticed that I have that problem too :(

jimp · Nov 22, 2012, 12:42 AM

The very latest snapshot should have a fixed racoon binary (hopefully). Worth another try.

seattle-it · Nov 22, 2012, 1:38 AM

@jimp:

The very latest snapshot should have a fixed racoon binary (hopefully). Worth another try.

Updated to the latest:

PSK+Xauth now segfaults
RSA+Xauth now gets me this far before it segfaults…


2012-11-21 17:35:34: DEBUG: Configuration exchange type mode config REPLY
2012-11-21 17:35:34: DEBUG: Attribute XAUTH_USER_NAME, len 7
2012-11-21 17:35:34: DEBUG: Attribute XAUTH_USER_PASSWORD, len 15
2012-11-21 17:35:34: INFO: Using port 0
2012-11-21 17:35:34: DEBUG: External authentication script starting for user "testing"
Segmentation fault: 11 (core dumped)

eri-- · Nov 22, 2012, 9:13 AM

Can you retrieve the core file and upload somewhere?
Also can you make sure the /var/etc/ipsec/ipsec.php is there?

Mellowlynx · Nov 22, 2012, 9:36 AM

@ermal:

Can you retrieve the core file and upload somewhere?
Also can you make sure the /var/etc/ipsec/ipsec.php is there?

Yep, ipsec.php is there, and other configs there look fine to.
Here's my core file: http://files.ivimbu.com/u/?a=d&i=0iu2eGXXFu

eri-- · Nov 22, 2012, 2:27 PM

I actually pushed a new fix.
Please try with next snapshot.

seattle-it · Nov 23, 2012, 8:57 AM

@ermal:

I actually pushed a new fix.
Please try with next snapshot.

That fixed it!!! Great job ;-)