isakmpd quits out after running ipsec on CURRENT


Kaya Saman-2
Hi,

for some reason, this seems to have been for a while now; isakmpd will
simply quit running after initiating: ipsecctl -f /etc/ipsec.conf

Starting isakmpd manually with flags -Kdv doesn't give any indication as
to what might be causing the service to crash or segfault and nothing is
reported in the logs - I checked both daemon and messages.

ipsec.conf consists of standard config:

ike passive esp transport \
         proto udp from 212.159.80.17 to any port 1701 \
         main auth "hmac-sha" enc "aes" group modp1024 \
         quick auth "hmac-sha" enc "aes" \
         psk "Sclr11XP99"

ike passive esp transport \
         proto udp from <IP> to any port 1701 \
         main auth "hmac-sha" enc "aes" group modp1024 \
         quick auth "hmac-sha" enc "aes" \
         psk "<Some_crazy_pass>"

Basically the setup used to work fine a few upgrades ago while I was on
5.5 but then something seems to have changed and it stopped.

Along with the above I'm running npppd for ipsec/l2tp so I can run the
native Android VPN client. I do run OpenVPN in addition but there seems
to be some issue with routing on some apps so to get round that the
choice is either: add default route manually when using OpenVPN / or use
native client.


I managed to find this thread from the list:

http://comments.gmane.org/gmane.os.openbsd.misc/209636

and managed to pretty much validate my config in comparison but for some
reason I cannot work this one out.

System is up to date as per last night and build is:

5.6 GENERIC.MP#633 amd64

5.6 GENERIC.MP#633 amd64


Would anyone be able to suggest anything?


Thanks.


Kaya

Re: isakmpd quits out after running ipsec on CURRENT

Zé Loff-2
On Wed, Dec 03, 2014 at 02:00:59PM +0000, Kaya Saman wrote:

> Hi,
>
> for some reason, this seems to have been for a while now; isakmpd will
> simply quit running after initiating: ipsecctl -f /etc/ipsec.conf
>
> Starting isakmpd manually with flags -Kdv doesn't give any indication as
> to what might be causing the service to crash or segfault and nothing is
> reported in the logs - I checked both daemon and messages.
>
> ipsec.conf consists of standard config:
>
> ike passive esp transport \
>          proto udp from 212.159.80.17 to any port 1701 \
>          main auth "hmac-sha" enc "aes" group modp1024 \
>          quick auth "hmac-sha" enc "aes" \
>          psk "Sclr11XP99"
>
> ike passive esp transport \
>          proto udp from <IP> to any port 1701 \
>          main auth "hmac-sha" enc "aes" group modp1024 \
>          quick auth "hmac-sha" enc "aes" \
>          psk "<Some_crazy_pass>"
>
> Basically the setup used to work fine a few upgrades ago while I was on
> 5.5 but then something seems to have changed and it stopped.
>
> Along with the above I'm running npppd for ipsec/l2tp so I can run the
> native Android VPN client. I do run OpenVPN in addition but there seems
> to be some issue with routing on some apps so to get round that the
> choice is either: add default route manually when using OpenVPN / or use
> native client.
>
>
> I managed to find this thread from the list:
>
> http://comments.gmane.org/gmane.os.openbsd.misc/209636
>
> and managed to pretty much validate my config in comparison but for some
> reason I cannot work this one out.
>
> System is up to date as per last night and build is:
>
> 5.6 GENERIC.MP#633 amd64
>
> 5.6 GENERIC.MP#633 amd64
>
>
> Would anyone be able to suggest anything?
>
>
> Thanks.
>
>
> Kaya
>


I am seeing the same behaviour (apparently a clean exit, no message
whatsoever nor core file) on -current, with an ipsec.conf as simple as
this:

ike dynamic esp from 10.17.19.3 (egress) to 10.17.16.0/22 \
    peer vpn.foo.bar \
                srcid peer1.foo.bar dstid vpn.foo.bar


I have upgraded -current several times since I last used IPSec, so I
can't tell for sure when it started...



OpenBSD 5.6-current (GENERIC.MP) #634: Mon Dec  1 10:11:11 MST 2014
    [hidden email]:/usr/src/sys/arch/amd64/compile/GENERIC.MP

--

Re: isakmpd quits out after running ipsec on CURRENT

Sebastian Reitenbach
I run this kernel from beginning of November:

OpenBSD 5.6-current (GENERIC) #492: Fri Nov  7 10:21:36 MST 2014
    [hidden email]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Geode(TM) Integrated Processor by National Semi ("Geode by NSC" 586-class) 267 MHz
cpu0: FPU,TSC,MSR,CX8,CMOV,MMX

on my soekris box. Isakmpd is just started with: "-4 -K"
my ipsec.conf looks similar to this one (only IP addresses changed):

localip="1.1.1.1"
peerip="2.2.2.2"
ike esp from 3.3.3.0/24 to 4.4.0.0/16 \
        local $localip peer $peerip \
        main auth hmac-sha1 enc aes-128 group modp1024 \
        quick auth hmac-sha1 enc aes-128 group modp1024 \
        psk "top secret"
 

and it "just works".

Does a higher debug level, i.e. -D A=90, show something, or does logging the
packets isakmpd sees with -L give more hints?

cheers,
Sebastian


Re: isakmpd quits out after running ipsec on CURRENT

Zé Loff-2
On Wed, Dec 03, 2014 at 04:09:02PM +0100, Sebastian Reitenbach wrote:

> I run this kernel from beginning of November:
>
> OpenBSD 5.6-current (GENERIC) #492: Fri Nov  7 10:21:36 MST 2014
>     [hidden email]:/usr/src/sys/arch/i386/compile/GENERIC
> cpu0: Geode(TM) Integrated Processor by National Semi ("Geode by NSC" 586-class) 267 MHz
> cpu0: FPU,TSC,MSR,CX8,CMOV,MMX
>
> on my soekris box. Isakmpd is just started with: "-4 -K"
> my ipsec.conf looks similar to this one (only IP addresses changed):
>
> localip="1.1.1.1"
> peerip="2.2.2.2"
> ike esp from 3.3.3.0/24 to 4.4.0.0/16 \
>         local $localip peer $peerip \
>         main auth hmac-sha1 enc aes-128 group modp1024 \
>         quick auth hmac-sha1 enc aes-128 group modp1024 \
>         psk "top secret"
>  
>
> and it "just works".
>
> Does a higher debug level, i.e. -D A=90, show something, or does logging the
> packets isakmpd sees with -L give more hints?

No packets are transferred, AFAICT.

Running isakmpd -Kdv -D A=90 yields a single line after ipsecctl is run:

    uiconfig: "C set [General]:Check-interval=30 force"

isakmpd then quits with exit code 0.

>
> cheers,
> Sebastian
>

--


Re: isakmpd quits out after running ipsec on CURRENT

Zé Loff-2
On Wed, Dec 03, 2014 at 03:24:06PM +0000, Zé Loff wrote:

> On Wed, Dec 03, 2014 at 04:09:02PM +0100, Sebastian Reitenbach wrote:
> > I run this kernel from beginning of November:
> >
> > OpenBSD 5.6-current (GENERIC) #492: Fri Nov  7 10:21:36 MST 2014
> >     [hidden email]:/usr/src/sys/arch/i386/compile/GENERIC
> > cpu0: Geode(TM) Integrated Processor by National Semi ("Geode by NSC" 586-class) 267 MHz
> > cpu0: FPU,TSC,MSR,CX8,CMOV,MMX
> >
> > on my soekris box. Isakmpd is just started with: "-4 -K"
> > my ipsec.conf looks similar to this one (only IP addresses changed):
> >
> > localip="1.1.1.1"
> > peerip="2.2.2.2"
> > ike esp from 3.3.3.0/24 to 4.4.0.0/16 \
> >         local $localip peer $peerip \
> >         main auth hmac-sha1 enc aes-128 group modp1024 \
> >         quick auth hmac-sha1 enc aes-128 group modp1024 \
> >         psk "top secret"
> >  
> >
> > and it "just works".
> >
> > does a higher debug level i.e. -D A=90 show something, or logging the
> > packets isakmpd sees with -L give more hints?
>
> No packets are transferred, AFAICT.
>
> Running isakmpd -Kdv -D A=90 yields a single line after ipsecctl is run:
>
>     uiconfig: "C set [General]:Check-interval=30 force"
>
> isakmpd then quits with exit code 0.

Actually, A=99 yields an extra line:
   
                Misc 95 conf_set_now: [General]:Check-interval->30

>
> >
> > cheers,
> > Sebastian
> >
> > On Wednesday, December 3, 2014 15:53 CET, Zé Loff <[hidden email]> wrote:
> >  
> > > On Wed, Dec 03, 2014 at 02:00:59PM +0000, Kaya Saman wrote:
> > > > Hi,
> > > >
> > > > for some reason, this seems to have been for a while now; isakmpd will
> > > > simply quit running after initiating: ipsecctl -f /etc/ipsec.conf
> > > >
> > > > Starting isakmpd manually with flags -Kdv doesn't give any indication as
> > > > to what might be causing the service to crash or segfault and nothing is
> > > > reported in the logs - I checked both daemon and messages.
> > > >
> > > > ipsec.conf consists of standard config:
> > > >
> > > > ike passive esp transport \
> > > >          proto udp from 212.159.80.17 to any port 1701 \
> > > >          main auth "hmac-sha" enc "aes" group modp1024 \
> > > >          quick auth "hmac-sha" enc "aes" \
> > > >          psk "Sclr11XP99"
> > > >
> > > > ike passive esp transport \
> > > >          proto udp from <IP> to any port 1701 \
> > > >          main auth "hmac-sha" enc "aes" group modp1024 \
> > > >          quick auth "hmac-sha" enc "aes" \
> > > >          psk "<Some_crazy_pass>"
> > > >
> > > > Basically the setup used to work fine a few upgrades ago while I was on
> > > > 5.5 but then something seems to have changed and it stopped.
> > > >
> > > > Along with the above I'm running npppd for ipsec/l2tp so I can run the
> > > > native Android VPN client. I do run OpenVPN in addition but there seems
> > > > to be some issue with routing on some apps so to get round that the
> > > > choice is either: add default route manually when using OpenVPN / or use
> > > > native client.
> > > >
> > > >
> > > > I managed to find this thread from the list:
> > > >
> > > > http://comments.gmane.org/gmane.os.openbsd.misc/209636
> > > >
> > > > and managed to pretty much validate my config in comparison but for some
> > > > reason I cannot work this one out.
> > > >
> > > > System is up to date as per last night and build is:
> > > >
> > > > 5.6 GENERIC.MP#633 amd64
> > > >
> > > > 5.6 GENERIC.MP#633 amd64
> > > >
> > > >
> > > > Would anyone be able to suggest anything?
> > > >
> > > >
> > > > Thanks.
> > > >
> > > >
> > > > Kaya
> > > >
> > >
> > >
> > > I am seeing the same behaviour (apparently a clean exit, no message
> > > whatsoever nor core file) on -current, with an ipsec.conf as simple as
> > > this:
> > >
> > > ike dynamic esp from 10.17.19.3 (egress) to 10.17.16.0/22 \
> > >     peer vpn.foo.bar \
> > > srcid peer1.foo.bar dstid vpn.foo.bar
> > >
> > >
> > > I have upgraded -current several times since I last used IPSec, so I
> > > can't tell for sure when it started...
> > >
> > >
> > >
> > > OpenBSD 5.6-current (GENERIC.MP) #634: Mon Dec  1 10:11:11 MST 2014
> > >     [hidden email]:/usr/src/sys/arch/amd64/compile/GENERIC.MP
> > >
> > > --
> >
>
> --
>

--


Re: isakmpd quits out after running ipsec on CURRENT

Christian Weisgerber
In reply to this post by Zé Loff-2
On 2014-12-03, Zé Loff <[hidden email]> wrote:

>> for some reason, this seems to have been for a while now; isakmpd will
>> simply quit running after initiating: ipsecctl -f /etc/ipsec.conf
>
> I am seeing the same behaviour (apparently a clean exit, no message
> whatsoever nor core file) on -current, with an ipsec.conf as simple as
> this:

This could be the bug fixed in src/sbin/isakmpd/ui.c rev 1.56.
Check your system logs for "isakmpd: backwards memcpy".

--
Christian "naddy" Weisgerber                          [hidden email]


Re: isakmpd quits out after running ipsec on CURRENT

Josh Grosse
On 2014-12-03 12:47, Christian Weisgerber wrote:

> On 2014-12-03, Zé Loff <[hidden email]> wrote:
>
>>> for some reason, this seems to have been for a while now; isakmpd will
>>> simply quit running after initiating: ipsecctl -f /etc/ipsec.conf
>>
>> I am seeing the same behaviour (apparently a clean exit, no message
>> whatsoever nor core file) on -current, with an ipsec.conf as simple as
>> this:
>
> This could be the bug fixed in src/sbin/isakmpd/ui.c rev 1.56.
> Check your system logs for "isakmpd: backwards memcpy".

It may not be that change, since it was only committed two days ago. I've
seen the same symptoms in i386 snapshots from Nov 26 and 30. I had planned
to spend a few hours this next weekend trying to isolate the regression, and
to date have not done any more than reproduce the problem with older kernels.


Re: isakmpd quits out after running ipsec on CURRENT

Josh Grosse
On 2014-12-03 13:59, Josh Grosse wrote:
> On 2014-12-03 12:47, Christian Weisgerber wrote:
...

>> This could be the bug fixed in src/sbin/isakmpd/ui.c rev 1.56.
>> Check your system logs for "isakmpd: backwards memcpy".
>
> It may not be that change, since it was only committed two days ago. I've
> seen the same symptoms in i386 snapshots from Nov 26 and 30. I had planned
> to spend a few hours this next weekend trying to isolate the regression, and
> to date have not done any more than reproduce the problem with older kernels.

Ack.  Never mind.  This could be the *fix*.  Sorry for the noise.  My apologies.
I seem to have way too much blood in my caffeine system.


Re: isakmpd quits out after running ipsec on CURRENT

Christian Weisgerber
In reply to this post by Josh Grosse
On 2014-12-03, Josh Grosse <[hidden email]> wrote:

>> This could be the bug fixed in src/sbin/isakmpd/ui.c rev 1.56.
>> Check your system logs for "isakmpd: backwards memcpy".
>
> It may not be that change, since it was only committed two days ago. I've
> seen the same symptoms in i386 snapshots from Nov 26 and 30.

Exactly, that change _fixes_ it.  In recent snapshots, memcpy()
checks for overlap and aborts.

For some background, see
http://www.tedunangst.com/flak/post/memcpy-vs-memmove

--
Christian "naddy" Weisgerber                          [hidden email]
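The overlap check and the memmove() alternative discussed in this thread, as an added example that is not part of any post and is not OpenBSD's libc or isakmpd code. The function names and the buffer contents are constructed for illustration, and checked_memcpy() returns an error where the snapshot's memcpy() is described as aborting.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* 1 if [dst, dst+n) and [src, src+n) share at least one byte, else 0. */
static int regions_overlap(const void *dst, const void *src, size_t n)
{
    uintptr_t d = (uintptr_t)dst, s = (uintptr_t)src;
    uintptr_t gap = d > s ? d - s : s - d;

    return n != 0 && gap < n;
}

/*
 * memcpy() wrapper that refuses overlapping arguments. It returns -1 where
 * the checking memcpy() described in the thread would log and abort.
 */
static int checked_memcpy(void *dst, const void *src, size_t n)
{
    if (regions_overlap(dst, src, n))
        return -1;
    memcpy(dst, src, n);
    return 0;
}

/*
 * Drop the first `used` bytes of a `len`-byte buffer in place and return
 * the new length. memmove() is defined for overlapping regions.
 */
static size_t consume_memmove(char *buf, size_t len, size_t used)
{
    if (used > len)
        used = len;
    memmove(buf, buf + used, len - used);
    return len - used;
}

int main(void)
{
    /* Constructed input: two newline-terminated commands in one buffer. */
    char buf[32] = "first\nsecond-command\n";
    size_t len = strlen(buf);
    size_t used = 6;                    /* strlen("first\n") */

    /* Shifting 15 bytes down by 6: source and destination overlap. */
    if (checked_memcpy(buf, buf + used, len - used) == -1)
        puts("overlap: memcpy() is undefined here, use memmove()");

    len = consume_memmove(buf, len, used);
    printf("%zu bytes left: %.*s", len, (int)len, buf);
    return 0;
}
```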


Re: isakmpd quits out after running ipsec on CURRENT

Kaya Saman-2
On 12/03/2014 07:39 PM, Christian Weisgerber wrote:

> On 2014-12-03, Josh Grosse <[hidden email]> wrote:
>
>>> This could be the bug fixed in src/sbin/isakmpd/ui.c rev 1.56.
>>> Check your system logs for "isakmpd: backwards memcpy".
>> It may not be that change, since it was only committed two days ago. I've
>> seen the same symptoms in i386 snapshots from Nov 26 and 30.
> Exactly, that change _fixes_ it.  In recent snapshots, memcpy()
> checks for overlap and aborts.
>
> For some background, see
> http://www.tedunangst.com/flak/post/memcpy-vs-memmove
>

When you mention the change **fixes** the bug, is there something in
addition that needs to be done in order to get isakmpd and ipsec working
together?


I am seeing this in the logs:

Dec  4 09:35:33 Gamma-Ray isakmpd: backwards memcpy

Dec  4 09:35:33 <sys_name> isakmpd: backwards memcpy


which is what was stated earlier.


Or does the **fix** exaggerate another bug in the code?


Regards,


Kaya


Re: isakmpd quits out after running ipsec on CURRENT

Christian Weisgerber
On 2014-12-04, Kaya Saman <[hidden email]> wrote:

> I am seeing this in the logs:
> Dec  4 09:35:33 Gamma-Ray isakmpd: backwards memcpy
> Dec  4 09:35:33 <sys_name> isakmpd: backwards memcpy

So your isakmpd is broken.  Wait for the next snapshot or build one from
-current sources yourself.

--
Christian "naddy" Weisgerber                          [hidden email]


Re: isakmpd quits out after running ipsec on CURRENT

Ted Unangst-6
In reply to this post by Josh Grosse
On Thu, Dec 04, 2014 at 12:29, Kaya Saman wrote:

> On 12/03/2014 07:39 PM, Christian Weisgerber wrote:
>> On 2014-12-03, Josh Grosse <[hidden email]> wrote:
>>
>>>> This could be the bug fixed in src/sbin/isakmpd/ui.c rev 1.56.
>>>> Check your system logs for "isakmpd: backwards memcpy".
>>> It may not be that change, since it was only committed two days ago. I've
>>> seen the same symptoms in i386 snapshots from Nov 26 and 30.
>> Exactly, that change _fixes_ it.  In recent snapshots, memcpy()
>> checks for overlap and aborts.
>>
>> For some background, see
>> http://www.tedunangst.com/flak/post/memcpy-vs-memmove
>>
>
> When you mention the change **fixes** the bug, is there something in
> addition that needs to be done in order to get isakmpd and ipsec working
> together?
>
>
> I am seeing this in the logs:
>
> Dec  4 09:35:33 Gamma-Ray isakmpd: backwards memcpy
>
> Dec  4 09:35:33 <sys_name> isakmpd: backwards memcpy
>
>
> which is what was stated earlier.
>
>
> Or does the **fix** exaggerate another bug in the code?

There was *one* fix to isakmpd for *one* bug. There may be more than
one bug. There's certainly a lot more than one memcpy in it.


Re: isakmpd quits out after running ipsec on CURRENT

Kaya Saman-2
On 12/04/2014 04:28 PM, Ted Unangst wrote:

> On Thu, Dec 04, 2014 at 12:29, Kaya Saman wrote:
>> On 12/03/2014 07:39 PM, Christian Weisgerber wrote:
>>> On 2014-12-03, Josh Grosse <[hidden email]> wrote:
>>>
>>>>> This could be the bug fixed in src/sbin/isakmpd/ui.c rev 1.56.
>>>>> Check your system logs for "isakmpd: backwards memcpy".
>>>> It may not be that change, since it was only committed two days ago. I've
>>>> seen the same symptoms in i386 snapshots from Nov 26 and 30.
>>> Exactly, that change _fixes_ it.  In recent snapshots, memcpy()
>>> checks for overlap and aborts.
>>>
>>> For some background, see
>>> http://www.tedunangst.com/flak/post/memcpy-vs-memmove
>>>
>> When you mention the change **fixes** the bug, is there something in
>> addition that needs to be done in order to get isakmpd and ipsec working
>> together?
>>
>>
>> I am seeing this in the logs:
>>
>> Dec  4 09:35:33 Gamma-Ray isakmpd: backwards memcpy
>>
>> Dec  4 09:35:33 <sys_name> isakmpd: backwards memcpy
>>
>>
>> which is what was stated earlier.
>>
>>
>> Or does the **fix** exaggerate another bug in the code?
> There was *one* fix to isakmpd for *one* bug. There may be more than
> one bug. There's certainly a lot more than one memcpy in it.

Thanks everyone for the responses.... sorry for the "cross-wires" in
understanding the situation at present.

Will wait for a fix :-)


Regards,


Kaya