Unexpected segmentation fault

[federicoaaguirre]

Openswan: 1:2.6.38-1
Error:

Jul 14 06:32:37 rtr-vpn01 kernel: : [93293.818023] pluto[29799]: segfault at 0 ip 08057572 sp bfaf3c00 error 4 in pluto[8048000+ed000]
Jul 14 06:32:37 rtr-vpn01 ipsec__plutorun: Segmentation fault
Jul 14 06:32:37 rtr-vpn01 ipsec__plutorun: !pluto failure!:  exited with error status 139 (signal 11)
Jul 14 06:32:37 rtr-vpn01 ipsec__plutorun: restarting IPsec after pause...

We have the configuration file that cause the segfault, after removed it, openswan stops to constantly restarts.

Config file:

conn myvpn
        authby=secret
        type=tunnel
        auto=start

        left=%defaultroute
        leftid=181.55.31.94
        leftsubnet=10.10.0.0/30
        leftsourceip=10.10.0.1

        right=190.210.164.170
        rightsubnet=10.131.0.60/30
        pfs=no

        ike=aes256-sha1;modp1536
        esp=aes256-sha1;modp1536
        ikelifetime=86400s
        salifetime=28800s

        dpddelay=30
        dpdtimeout=150
        dpdaction=restart

        ikev2=insist

This was working well until the right side put their VPN down.

Any idea about this?
Regards

[shussain]

Hello @federicoaaguirre

The version of OSW you are using is older and we have had addressed several issues since then.

As such I woudl recommend upgrading to a more recent version of OSW. If the issue still occurs, I would request you provide the results of running ipsec barf

[jaycenornin]

Openswan is installed a lot of OEM network devices subject to the OEM's upgrade paths. If the OEM doesn't update Openswan, then we are stuck on the current version. If the segmentation fault is a known issue in an old version, providing some context and even some configuration settings that may work around the issue would be far more helpful than telling users to upgrade when that isn't always an option for them.

[letoams]

Openswan has been abandoned about 10 years ago, see https://nohats.ca/wordpress/blog/2021/04/23/please-stop-using-openswan/

And

https://nohats.ca/wordpress/openswan/

[shussain]

Openswan has had multiple releases over the last 10 years. While it is true it has been forked, it has had bug fixes and new features over the years.

[letoams]

On Fri, 10 Feb 2023, Samir wrote: Openswan has had multiple releases over the last 10 years. While it is true it has been forked, it has had bug fixes and new features over the years.

I monitor https://github.com/xelerance/Openswan/blob/master/CHANGES and haven't seen any new features. Just many bugfixes and bug introductions. The mailing lists see 0 messages in the last few years. And all issue reports are closed with "try the latest version". No Linux distro recommends openswan. It's dead Jim