IPsec service crash randomly

m4rek11 · Oct 7, 2024, 12:44 PM

Hello,

Hello, a few days ago I got problem with IPsec service - it just crash and I had to start it manually. Unfortunately It was even such a situation that for some tunnels "phase 2" disappeared. Today a similar situation happened and I suppose it will keep happening.

In ipsec.log file I found entries like this:

Oct  7 01:11:37 PF1 charon[57969]: 11[DMN] <con8|1275> thread 11 received 11
Oct  7 01:11:37 PF1 charon[57969]: 11[LIB] <con8|1275>  dumping 15 stack frame addresses:
Oct  7 01:11:37 PF1 charon[57969]: 11[LIB] <con8|1275>   /lib/libthr.so.3 @ 0x823646000 (pthread_sigmask+0x53f) [0x8236607ef]
Oct  7 01:11:37 PF1 charon[57969]: 11[LIB] <con8|1275>     -> 
Oct  7 01:11:37 PF1 charon[57969]: 11[LIB] <con8|1275>   /lib/libthr.so.3 @ 0x823646000 (pthread_setschedparam+0x83b) [0x82365fdab]
Oct  7 01:11:37 PF1 charon[57969]: 11[LIB] <con8|1275>     -> 
Oct  7 01:11:37 PF1 charon[57969]: 11[LIB] <con8|1275>     0x821c9c8f3 <???> at ???
Oct  7 01:11:37 PF1 charon[57969]: 11[LIB] <con8|1275>   /lib/libc.so.7 @ 0x823d90000 (memcpy+0x30) [0x823ed73f0]
Oct  7 01:11:37 PF1 charon[57969]: 11[LIB] <con8|1275>     -> 
Oct  7 01:11:37 PF1 charon[57969]: 11[LIB] <con8|1275>   /usr/local/lib/ipsec/libstrongswan.so.0 @ 0x8227b5000 (chunk_create_clone+0x2d) [0x82281eead]
Oct  7 01:11:37 PF1 charon[57969]: 11[LIB] <con8|1275>     -> 
Oct  7 01:11:37 PF1 charon[57969]: 11[LIB] <con8|1275>   /usr/local/lib/ipsec/libcharon.so.0 @ 0x8234d1000 (auth_payload_create+0x20e) [0x82350f24e]
Oct  7 01:11:37 PF1 charon[57969]: 11[LIB] <con8|1275>     -> 
Oct  7 01:11:37 PF1 charon[57969]: 11[LIB] <con8|1275>   /usr/local/lib/ipsec/libstrongswan.so.0 @ 0x8227b5000 (linked_list_create_with_items+0xd97) [0x8227f0397]
Oct  7 01:11:37 PF1 charon[57969]: 11[LIB] <con8|1275>     -> 
Oct  7 01:11:37 PF1 charon[57969]: 11[LIB] <con8|1275>   /usr/local/lib/ipsec/libcharon.so.0 @ 0x8234d1000 (ike_config_create+0x128) [0x8235478b8]
Oct  7 01:11:37 PF1 charon[57969]: 11[LIB] <con8|1275>     -> 
Oct  7 01:11:37 PF1 charon[57969]: 11[LIB] <con8|1275>   /usr/local/lib/ipsec/libcharon.so.0 @ 0x8234d1000 (task_manager_v2_create+0x2a56) [0x823537bc6]
Oct  7 01:11:37 PF1 charon[57969]: 11[LIB] <con8|1275>     -> 
Oct  7 01:11:37 PF1 charon[57969]: 11[LIB] <con8|1275>   /usr/local/lib/ipsec/libcharon.so.0 @ 0x8234d1000 (task_manager_v2_create+0x249f) [0x82353760f]
Oct  7 01:11:37 PF1 charon[57969]: 11[LIB] <con8|1275>     -> 
Oct  7 01:11:37 PF1 charon[57969]: 11[LIB] <con8|1275>   /usr/local/lib/ipsec/libcharon.so.0 @ 0x8234d1000 (task_manager_v2_create+0x6ac) [0x82353581c]
Oct  7 01:11:37 PF1 charon[57969]: 11[LIB] <con8|1275>     -> 
Oct  7 01:11:37 PF1 charon[57969]: 11[LIB] <con8|1275>   /usr/local/lib/ipsec/libcharon.so.0 @ 0x8234d1000 (ike_sa_get_dynamic_hosts+0x26f7) [0x823528a27]
Oct  7 01:11:37 PF1 charon[57969]: 11[LIB] <con8|1275>     -> 
Oct  7 01:11:37 PF1 charon[57969]: 11[LIB] <con8|1275>   /usr/local/lib/ipsec/libcharon.so.0 @ 0x8234d1000 (process_message_job_create+0x191) [0x82351f141]
Oct  7 01:11:37 PF1 charon[57969]: 11[LIB] <con8|1275>     -> 
Oct  7 01:11:37 PF1 charon[57969]: 11[LIB] <con8|1275>   /usr/local/lib/ipsec/libstrongswan.so.0 @ 0x8227b5000 (processor_create+0x787) [0x822813217]
Oct  7 01:11:37 PF1 charon[57969]: 11[LIB] <con8|1275>     -> 
Oct  7 01:11:37 PF1 charon[57969]: 11[LIB] <con8|1275>   /usr/local/lib/ipsec/libstrongswan.so.0 @ 0x8227b5000 (thread_create+0x180) [0x822828440]
Oct  7 01:11:37 PF1 charon[57969]: 11[LIB] <con8|1275>     -> 
Oct  7 01:11:37 PF1 charon[57969]: 11[DMN] <con8|1275> killing ourself, received critical signal

I will add that pfSense runs as a virtual machine on Proxmox. My pfSense versin is: 2.7.2-RELEASE.

I would be grateful for any information on where to look for the cause, whether it is something on the side of pfSensem itself or Proxmox. If you need any more information, please let me know.