Project

General

Profile

Actions

Bug #3417

closed

racoon crashes after mobile xauth login with fourth DNS server configured

Added by Jim Pingle about 10 years ago. Updated over 9 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
-
Category:
IPsec
Target version:
Start date:
01/29/2014
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
2.1
Affected Architecture:
All

Description

If Mobile IPsec is configured to push DNS servers to clients, and you have four DNS servers configured, racoon will crash after a login with a signal 11. If you remove the fourth DNS server and only push three, it's OK.

There is nothing different in racoon.conf about the fourth server, only an additional line.

With three set:

        dns4 192.168.1.1;
        dns4 192.168.1.2;
        dns4 8.8.8.8;

With four set:

        dns4 192.168.1.1;
        dns4 192.168.1.2;
        dns4 8.8.8.8;
        dns4 8.8.4.4;

Racoon log:

Jan 29 09:55:24     racoon: [192.168.2.23] ERROR: notification INITIAL-CONTACT received in aggressive exchange.
Jan 29 09:55:24     racoon: INFO: NAT detected: ME PEER
Jan 29 09:55:24     racoon: INFO: Sending Xauth request
Jan 29 09:55:24     racoon: [Self]: INFO: ISAKMP-SA established 192.168.2.243[4500]-192.168.2.23[4500] spi:2407819ff7cee787:c0a2ff26abc2e3a0
Jan 29 09:55:24     racoon: INFO: Using port 0
Jan 29 09:55:24     racoon: user 'mobileuser1' authenticated
Jan 29 09:55:24     racoon: INFO: login succeeded for user "mobileuser1" 

System log:

Jan 29 09:55:33     kernel: pid 665 (racoon), uid 0: exited on signal 11 (core dumped)

If it's not easily fixable in racoon, we may just want to remove the fourth DNS field support from the GUI and the backend code.

Tested on 2.1, 2.1p1, and 2.1.1 -- same behavior.

Actions #1

Updated by Chris Buechler almost 10 years ago

  • Status changed from New to Feedback
  • Target version set to 2.2

ran into this one today. Presume this is not an issue with 2.2 given racoon is gone, setting target version 2.2 to confirm that, or if worst case scenario we end up going back to ipsec-tools for 2.2, we'll just take out the 4th DNS server IP field.

Actions #2

Updated by Chris Buechler over 9 years ago

  • Status changed from Feedback to Resolved
Actions

Also available in: Atom PDF