IPSec Segfaults with RSA+Xauth (works fine with PSK+Xauth) on i386 :-/



  • This one is beyond me.. racoon segfaults every time the client sends back the XAUTH_USER_NAME and XAUTH_USER_PASSWORD when using RSA+Xauth. It does a core dump and game over. Everything is fine with PSK+Xauth.

    Nov 20 19:52:20 pf racoon: 2012-11-19 20:52:20: DEBUG: Attribute XAUTH_USER_NAME, len 9
    Nov 20 19:52:20 pf racoon: 2012-11-19 20:52:20: DEBUG: Attribute XAUTH_USER_PASSWORD, len 14
    Nov 20 19:52:20 pf racoon: 2012-11-19 20:52:20: INFO: Using port 0

    There's nothing useful when running it verbose with -D from the cli either. Anyone else experiencing this?

    Running 2.1-BETA0 (i386) from yesterday (same behavior from a September beta fwiw).


  • Rebel Alliance Developer Netgate

    We've had at least one other report of that, but so far haven't been able to reproduce it here. The other person is actually seeing it crash with PSK+Xauth and not RSA.



  • @jimp:

    The other person is actually seeing it crash with PSK+Xauth and not RSA.

    +1 for me, just noticed that I have that problem too :(


  • Rebel Alliance Developer Netgate

    The very latest snapshot should have a fixed racoon binary (hopefully). Worth another try.



  • @jimp:

    The very latest snapshot should have a fixed racoon binary (hopefully). Worth another try.

    Updated to the latest:

    • PSK+Xauth now segfaults
    • RSA+Xauth now gets me this far before it segfaults…
    
    2012-11-21 17:35:34: DEBUG: Configuration exchange type mode config REPLY
    2012-11-21 17:35:34: DEBUG: Attribute XAUTH_USER_NAME, len 7
    2012-11-21 17:35:34: DEBUG: Attribute XAUTH_USER_PASSWORD, len 15
    2012-11-21 17:35:34: INFO: Using port 0
    2012-11-21 17:35:34: DEBUG: External authentication script starting for user "testing"
    Segmentation fault: 11 (core dumped)
    
    


  • Can you retrieve the core file and upload somewhere?
    Also can you make sure the /var/etc/ipsec/ipsec.php is there?



  • @ermal:

    Can you retrieve the core file and upload somewhere?
    Also can you make sure the /var/etc/ipsec/ipsec.php is there?

    Yep, ipsec.php is there, and other configs there look fine to.
    Here's my core file: http://files.ivimbu.com/u/?a=d&i=0iu2eGXXFu



  • I actually pushed a new fix.
    Please try with next snapshot.



  • @ermal:

    I actually pushed a new fix.
    Please try with next snapshot.

    That fixed it!!! Great job ;-)


Locked