Bug 470738 - An upgrade to ipsec-tools-0.7.1-5.fc9.x86_64 broke VPN links
Status: CLOSED DUPLICATE of bug 470575
Product: Fedora
Classification: Fedora
Component: ipsec-tools
Version: 9
Hardware: All Linux
Priority: medium
Severity: medium
Assigned To: Tomas Mraz
QA Contact: Fedora Extras Quality Assurance

Reported: 2008-11-09 16:43 EST by Need Real Name
Modified: 2008-11-10 05:39 EST
Doc Type: Bug Fix
Last Closed: 2008-11-10 05:39:22 EST

Attachments:
audit.log (4.61 KB, text/plain), 2008-11-10 04:38 EST, Need Real Name

Description Need Real Name 2008-11-09 16:43:27 EST
An upgrade to ipsec-tools-0.7.1-5.fc9.x86_64 broke my VPN links.
ipsec-tools-0.7-13.fc9.x86_64 is OK.
Linux comp 2.6.27.4-24.fc9.x86_64 #1 SMP Tue Nov 4 19:10:40 EST 2008 x86_64 x86_64 x86_64 GNU/Linux

Phase 1 passes OK, phase 2 fails. There was no such problem with ipsec-tools-0.7-13.fc9.x86_64.

Loops with:
2008-11-09 16:23:22: DEBUG: compute DH's shared.
2008-11-09 16:23:22: DEBUG: 
2008-11-09 16:23:22: DEBUG: hmac(hmac_sha1)
2008-11-09 16:23:22: DEBUG: encryption(aes)
2008-11-09 16:23:22: DEBUG: hmac(sha1)
2008-11-09 16:23:22: DEBUG: encklen=256 authklen=160
2008-11-09 16:23:22: DEBUG: generating 640 bits of key (dupkeymat=4)
2008-11-09 16:23:22: DEBUG: generating K1...K4 for KEYMAT.
2008-11-09 16:23:22: DEBUG: hmac(hmac_sha1)
2008-11-09 16:23:22: DEBUG: hmac(hmac_sha1)
2008-11-09 16:23:22: DEBUG: hmac(hmac_sha1)
2008-11-09 16:23:22: DEBUG: 
2008-11-09 16:23:22: DEBUG: KEYMAT compute with
2008-11-09 16:23:22: DEBUG: 
2008-11-09 16:23:22: DEBUG: hmac(hmac_sha1)
2008-11-09 16:23:22: DEBUG: encryption(aes)
2008-11-09 16:23:22: DEBUG: hmac(sha1)
2008-11-09 16:23:22: DEBUG: encklen=256 authklen=160
2008-11-09 16:23:22: DEBUG: generating 640 bits of key (dupkeymat=4)
2008-11-09 16:23:22: DEBUG: generating K1...K4 for KEYMAT.
2008-11-09 16:23:22: DEBUG: hmac(hmac_sha1)
2008-11-09 16:23:22: DEBUG: hmac(hmac_sha1)
2008-11-09 16:23:22: DEBUG: hmac(hmac_sha1)
2008-11-09 16:23:22: DEBUG: 
2008-11-09 16:23:22: DEBUG: KEYMAT computed.
2008-11-09 16:23:22: DEBUG: call pk_sendupdate
2008-11-09 16:23:22: DEBUG: encryption(aes)
2008-11-09 16:23:22: DEBUG: hmac(sha1)
2008-11-09 16:23:22: DEBUG: call pfkey_send_update2
2008-11-09 16:23:22: DEBUG: pfkey update sent.
2008-11-09 16:23:22: DEBUG: encryption(aes)
2008-11-09 16:23:22: DEBUG: hmac(sha1)
2008-11-09 16:23:22: ERROR: pfkey add failed.
2008-11-09 16:23:22: ERROR: failed to process packet.
2008-11-09 16:23:22: ERROR: phase2 negotiation failed.
2008-11-09 16:23:22: DEBUG: an undead schedule has been deleted.
2008-11-09 16:23:22: DEBUG: IV freed
2008-11-09 16:23:22: DEBUG: pk_recv: retry[0] recv() 
2008-11-09 16:23:22: DEBUG: get pfkey UPDATE message
2008-11-09 16:23:22: DEBUG2: 
2008-11-09 16:23:22: DEBUG: seq 43 of UPDATE message not interesting.
2008-11-09 16:23:47: DEBUG: pk_recv: retry[0] recv() 
2008-11-09 16:23:47: DEBUG: get pfkey ACQUIRE message
2008-11-09 16:23:47: DEBUG2: 


Also, I am not sure where the problem is; every time I start this new ipsec I get an OOM kill on an 8Gb machine.
# free
             total       used       free     shared    buffers     cached
Mem:       7682424    7644384      38040          0        808       7488
-/+ buffers/cache:    7636088      46336
Swap:            0          0          0
/proc/meminfo
# cat /proc/meminfo 
MemTotal:      7682424 kB
MemFree:       6958672 kB
Buffers:          6232 kB
Cached:         265960 kB
SwapCached:          0 kB
Active:         374988 kB
Inactive:       205184 kB
SwapTotal:           0 kB
SwapFree:            0 kB
Dirty:               4 kB
Writeback:           0 kB
AnonPages:      307980 kB
Mapped:          56836 kB
Slab:            39096 kB
SReclaimable:    15272 kB
SUnreclaim:      23824 kB
PageTables:      25000 kB
NFS_Unstable:        0 kB
Bounce:              0 kB
WritebackTmp:        0 kB
CommitLimit:   3841212 kB
Committed_AS:   645008 kB
VmallocTotal: 34359738367 kB
VmallocUsed:    286440 kB
VmallocChunk: 34359451847 kB
HugePages_Total:     0
HugePages_Free:      0
HugePages_Rsvd:      0
HugePages_Surp:      0
Hugepagesize:     2048 kB
DirectMap4k:      9920 kB
DirectMap2M:   7854080 kB

# ps axuww
USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
root         1  0.0  0.0   4044   256 ?        Ss   15:50   0:00 /sbin/init
root         2  0.0  0.0      0     0 ?        S<   15:50   0:00 [kthreadd]
root         3  0.0  0.0      0     0 ?        S<   15:50   0:00 [migration/0]
root         4  0.0  0.0      0     0 ?        S<   15:50   0:00 [ksoftirqd/0]
root         5  0.0  0.0      0     0 ?        S<   15:50   0:00 [watchdog/0]
root         6  0.0  0.0      0     0 ?        S<   15:50   0:00 [migration/1]
root         7  0.0  0.0      0     0 ?        S<   15:50   0:00 [ksoftirqd/1]
root         8  0.0  0.0      0     0 ?        S<   15:50   0:00 [watchdog/1]
root         9  0.0  0.0      0     0 ?        S<   15:50   0:00 [events/0]
root        10  0.0  0.0      0     0 ?        S<   15:50   0:00 [events/1]
root        11  0.0  0.0      0     0 ?        S<   15:50   0:00 [khelper]
root        68  0.0  0.0      0     0 ?        S<   15:50   0:00 [kintegrityd/0]
root        69  0.0  0.0      0     0 ?        S<   15:50   0:00 [kintegrityd/1]
root        71  0.0  0.0      0     0 ?        S<   15:50   0:00 [kblockd/0]
root        72  0.0  0.0      0     0 ?        S<   15:50   0:00 [kblockd/1]
root        74  0.0  0.0      0     0 ?        S<   15:50   0:00 [kacpid]
root        75  0.0  0.0      0     0 ?        S<   15:50   0:00 [kacpi_notify]
root       165  0.0  0.0      0     0 ?        S<   15:50   0:00 [cqueue]
root       167  0.0  0.0      0     0 ?        S<   15:50   0:00 [ksuspend_usbd]
root       172  0.0  0.0      0     0 ?        S<   15:50   0:00 [khubd]
root       175  0.0  0.0      0     0 ?        S<   15:50   0:00 [kseriod]
root       234  4.4  0.0      0     0 ?        R<   15:50   1:41 [kswapd0]
root       281  0.0  0.0      0     0 ?        S<   15:50   0:00 [aio/0]
root       282  0.0  0.0      0     0 ?        S<   15:50   0:00 [aio/1]
root       460  0.0  0.0      0     0 ?        S<   15:50   0:00 [kpsmoused]
root       503  0.0  0.0      0     0 ?        S<   15:50   0:00 [ata/0]
root       504  0.0  0.0      0     0 ?        S<   15:50   0:00 [ata/1]
root       505  0.0  0.0      0     0 ?        S<   15:50   0:00 [ata_aux]
root       509  0.0  0.0      0     0 ?        S<   15:50   0:00 [scsi_eh_0]
root       510  0.0  0.0      0     0 ?        S<   15:50   0:00 [scsi_eh_1]
root       511  0.0  0.0      0     0 ?        S<   15:50   0:00 [scsi_eh_2]
root       512  0.0  0.0      0     0 ?        S<   15:50   0:00 [scsi_eh_3]
root       513  0.0  0.0      0     0 ?        S<   15:50   0:00 [scsi_eh_4]
root       514  0.0  0.0      0     0 ?        S<   15:50   0:00 [scsi_eh_5]
root       523  0.0  0.0      0     0 ?        S<   15:51   0:00 [kjournald]
root       577  0.0  0.0  13436  1144 ?        S<s  15:51   0:00 /sbin/udevd -d
root       960  0.0  0.0      0     0 ?        S<   15:51   0:00 [scsi_eh_6]
root       964  0.0  0.0      0     0 ?        S<   15:51   0:00 [scsi_eh_7]
root      1119  0.1  0.0      0     0 ?        S<   15:51   0:02 [kauditd]
root      1593  0.0  0.0      0     0 ?        S<   15:51   0:00 [md0_raid1]
root      1612  0.0  0.0      0     0 ?        S<   15:51   0:00 [kstriped]
root      1627  0.0  0.0      0     0 ?        S<   15:51   0:00 [kmpathd/0]
root      1629  0.0  0.0      0     0 ?        S<   15:51   0:00 [kmpathd/1]
root      1630  0.0  0.0      0     0 ?        S<   15:51   0:00 [kmpath_handlerd]
root      1668  0.0  0.0      0     0 ?        S<   15:51   0:00 [kjournald]
root      1669  0.0  0.0      0     0 ?        S<   15:51   0:01 [kjournald]
root      1670  0.0  0.0      0     0 ?        S<   15:51   0:01 [kjournald]
root      1671  0.0  0.0      0     0 ?        S<   15:51   0:00 [kjournald]
root      1672  0.0  0.0      0     0 ?        S<   15:51   0:00 [kjournald]
root      1673  0.0  0.0      0     0 ?        S<   15:51   0:00 [kjournald]
root      1674  0.0  0.0      0     0 ?        S<   15:51   0:00 [kjournald]
root      2017  0.4  0.0  23224   276 ?        S<sl 15:51   0:09 auditd
root      2019  0.5  0.0 147448   536 ?        S<sl 15:51   0:11 /sbin/audispd
root      2032  0.0  0.1  19116  9060 ?        Ss   15:51   0:00 /usr/sbin/restorecond
root      2039  0.5  0.0 191752  1112 ?        Sl   15:51   0:11 rsyslogd -c 3
root      2050  0.6  0.0   6840   252 ?        Ss   15:51   0:14 irqbalance
rpc       2056  0.2  0.0  18764   220 ?        Ss   15:51   0:04 rpcbind
rpcuser   2074  0.0  0.0  10244   136 ?        Ss   15:51   0:00 rpc.statd
root      2115  0.2  0.0   4056   112 ?        Ss   15:51   0:05 mdadm --monitor --scan -f --pid-file=/var/run/mdadm/mdadm.pid
root      2137  0.0  0.0      0     0 ?        S<   15:51   0:00 [rpciod/0]
root      2138  0.0  0.0      0     0 ?        S<   15:51   0:00 [rpciod/1]
root      2145  0.0  0.0  55232   504 ?        Ss   15:51   0:00 rpc.idmapd
root      2161  0.0  0.0      0     0 ?        S<   15:51   0:00 [btaddconn]
root      2163  0.0  0.0      0     0 ?        S<   15:51   0:00 [btdelconn]
root      2175  0.0  0.0      0     0 ?        S<   15:51   0:00 [krfcommd]
dbus      2183  0.0  0.0  34648   880 ?        Ssl  15:51   0:01 dbus-daemon --system
root      2230  0.0  0.0  21144   808 ?        Ssl  15:51   0:00 pcscd
root      2238  0.0  0.0   3896   112 ?        Ss   15:51   0:00 /usr/sbin/acpid
68        2246  0.9  0.0  30280  1112 ?        Ss   15:51   0:22 hald
root      2249  0.8  0.0 100784  1664 ?        Ssl  15:51   0:19 /usr/sbin/console-kit-daemon
root      2250  0.4  0.0  17836   192 ?        S    15:51   0:10 hald-runner
root      2330  0.4  0.0  19952   156 ?        S    15:51   0:09 hald-addon-input: Listening on /dev/input/event1 /dev/input/event0 /dev/input/event3
68        2340  0.0  0.0  12456   116 ?        S    15:51   0:00 hald-addon-acpi: listening on acpid socket /var/run/acpid.socket
root      2353  1.0  0.0  19948   256 ?        S    15:51   0:23 hald-addon-storage: polling /dev/sr0 (every 2 sec)
root      2390  4.0  9.3 995728 720052 ?       Ssl  15:51   1:29 /usr/bin/python -E /usr/sbin/setroubleshootd
root      2399  0.0  0.0  63348   568 ?        Ss   15:51   0:00 /usr/sbin/sshd
ntp       2406  0.5  0.0  27652   432 ?        Ss   15:51   0:11 ntpd -u ntp:ntp -p /var/run/ntpd.pid -g
root      2462  0.2  0.0  58636   628 ?        Ss   15:51   0:05 /usr/libexec/postfix/master
root      2470  0.3  0.0   6560   104 ?        Ss   15:51   0:07 /usr/sbin/gpm -m /dev/input/mice -t exps2
postfix   2475  0.1  0.0  58716   596 ?        S    15:51   0:02 pickup -l -t fifo -u
postfix   2476  0.0  0.0  58780   608 ?        S    15:51   0:00 qmgr -l -t fifo -u
root      2479  0.2  0.0 101824   592 ?        Ss   15:51   0:04 crond
root      2487  0.5  0.0  81812   472 ?        Ss   15:51   0:12 kerneloops
root      2493  0.0  0.0  23348   160 ?        Ss   15:51   0:00 /usr/sbin/atd
avahi     2501  0.0  0.0  23316   224 ?        Ss   15:51   0:00 avahi-daemon: running [comp.local]
avahi     2502  0.0  0.0  23316   156 ?        Ss   15:51   0:00 avahi-daemon: chroot helper
root      2509  0.0  0.0 160076  1020 ?        Ss   15:51   0:00 cupsd
root      2530  0.0  0.0  12152   284 ?        S    15:51   0:00 /usr/sbin/smartd -q never
root      2533  0.0  0.0  69748   744 ?        Ss   15:51   0:00 login -- mal     
root      2534  0.0  0.0   3884    76 tty5     Ss+  15:51   0:00 /sbin/mingetty tty5
root      2535  0.0  0.0  69748   744 ?        Ss   15:51   0:00 login -- root     
root      2536  0.0  0.0  69748   740 ?        Ss   15:51   0:00 login -- mal     
root      2537  0.0  0.0   3884    72 tty1     Ss+  15:51   0:00 /sbin/mingetty tty1
root      2538  0.0  0.0   3884    72 tty6     Ss+  15:51   0:00 /sbin/mingetty tty6
root      2575  0.2  0.0  88844   456 tty2     Ss+  15:51   0:04 -bash
mal       2870  0.0  0.0  88848   484 tty3     Ss   15:51   0:00 -bash
root      3314  0.0  0.0  71804   700 ?        S    15:53   0:00 /usr/sbin/nm-system-settings --config /etc/NetworkManager/nm-system-settings.conf
mal       3659  0.1  0.0  88848   488 tty4     Ss+  15:53   0:03 -bash
root      4524  0.0  0.0      0     0 ?        S    16:10   0:00 [pdflush]
root      4525  0.0  0.0      0     0 ?        S    16:10   0:00 [pdflush]
mal       4942  0.0  0.0  86480   184 tty3     S+   16:13   0:00 /bin/sh /usr/bin/startx
mal       4960  0.0  0.0  17404   140 tty3     S+   16:13   0:00 xinit /etc/X11/xinit/xinitrc -- /usr/bin/X :0 -auth /home/mal/.serverauth.4942
root      4961  5.5  0.5 127676 40700 tty7     Rs+  16:13   0:47 /usr/bin/X :0 -auth /home/mal/.serverauth.4942
mal       4990  0.0  0.0  10300    96 ?        Ss   16:13   0:00 /usr/bin/ck-xinit-session /usr/bin/ssh-agent /etc/X11/xinit/Xclients
mal       4999  0.0  0.0  21576   188 ?        S    16:13   0:00 dbus-launch --sh-syntax --exit-with-session
mal       5000  0.0  0.0  34264   500 ?        Ssl  16:13   0:00 /bin/dbus-daemon --fork --print-pid 5 --print-address 7 --session
mal       5008  0.1  0.0 273640  1432 ?        Sl   16:13   0:01 /usr/bin/gnome-session
mal       5016  0.0  0.0      0     0 ?        Zs   16:13   0:00 [ssh-agent] <defunct>
mal       5059  0.2  0.0 109904  4268 ?        S    16:13   0:02 /usr/libexec/gconfd-2 5
mal       5061  0.0  0.0 132200   624 ?        SL   16:13   0:00 /usr/bin/gnome-keyring-daemon
mal       5064  0.2  0.0 405840  2500 ?        Sl   16:13   0:02 /usr/libexec/gnome-settings-daemon
mal       5067  0.6  0.0 237624  3064 ?        Sl   16:13   0:05 /usr/bin/pulseaudio --log-target=syslog
mal       5071  0.0  0.0  47272   312 ?        S    16:13   0:00 /usr/libexec/pulse/gconf-helper
mal       5080  0.3  0.0 218272  1268 ?        Ss   16:13   0:02 gnome-screensaver
mal       5092  0.9  0.3 508536 27116 ?        R    16:13   0:08 nautilus --sm-config-prefix /nautilus-cB3VZW/ --sm-client-id 2bb7338c0-1676-442a-be73-a8fdab16d935 --screen 0 --load-session /home/mal/.nautilus/saved-session-NN52HU
mal       5093  1.0  0.0 315132  6660 ?        S    16:13   0:09 gnome-panel --sm-config-prefix /gnome-panel-HItOu2/ --sm-client-id 2f852b573-83e0-46ac-8f96-7e24675b40bf --screen 0
mal       5095  0.0  0.0 222272   916 ?        Ssl  16:13   0:00 /usr/libexec/bonobo-activation-server --ac-activate --ior-output-fd=16
mal       5098  2.5  0.1 354844 12044 ?        Rl   16:13   0:22 gnome-terminal --sm-config-prefix /gnome-terminal-qXfmwZ/ --sm-client-id 24ffcd028-3337-4481-8dec-99fcdf828b0a --screen 0 --window-with-profile-internal-id=Default --show-menubar --role=gnome-terminal-2485-565029246-1221634466 --active --geometry 80x24+240+55 --title mal@comp90:~ --working-directory /home/mal --zoom 1 --window-with-profile-internal-id=Default --show-menubar --role=gnome-terminal-2485-1599963249-1221634467 --active --geometry 80x24+233+473 --title mal@comp90:~ --working-directory /home/mal --zoom 1 --window-with-profile-internal-id=Default --show-menubar --role=gnome-terminal-2485--733546183-1221634479 --active --geometry 80x24+189+202 --title mal@comp90:~ --working-directory /home/mal --zoom 1
mal       5099  0.0  0.0 196248  1156 ?        S    16:13   0:00 bluetooth-applet --singleton
mal       5101  0.0  0.0 232216  4924 ?        S    16:13   0:00 gpk-update-icon
mal       5112  0.0  0.0 182852   868 ?        S    16:14   0:00 kerneloops-applet
mal       5114  0.0  0.1 269084  8276 ?        S    16:14   0:00 python /usr/share/system-config-printer/applet.py
mal       5115  0.0  0.0 246032  2592 ?        S    16:14   0:00 nm-applet --sm-disable
mal       5118  0.0  0.0 114608   292 ?        S    16:14   0:00 /usr/libexec/gvfsd
mal       5119  0.0  0.0 176008   740 ?        S    16:14   0:00 /usr/bin/pam-panel-icon --sm-client-id 23f0cf53a-eab4-4540-9137-e8915bd37a93
mal       5120  0.3  0.0 302452  2552 ?        Ss   16:14   0:03 gnome-power-manager --sm-config-prefix /gnome-power-manager-G9D3oX/ --sm-client-id 2ed9a5d41-f95f-4879-b173-d7db676593f8 --screen 0
root      5122  0.3  0.0  19120   224 ?        S    16:14   0:03 /sbin/pam_timestamp_check -d root
mal       5130  0.0  0.0  68480   560 ?        Ssl  16:14   0:00 /usr/libexec//gvfs-fuse-daemon /home/mal/.gvfs
mal       5143  0.0  0.0 192760   496 ?        S    16:14   0:00 /usr/libexec/gvfsd-trash --spawner :1.8 /org/gtk/gvfs/exec_spaw/0
mal       5151 80.2 84.8 6958336 6521896 ?     R    16:14  11:32 /usr/bin/python -E /usr/bin/sealert -s
mal       5156  1.2  0.0 300816  6856 ?        S    16:14   0:11 /usr/libexec/wnck-applet --oaf-activate-iid=OAFIID:GNOME_Wncklet_Factory --oaf-ior-fd=22
mal       5159  0.0  0.0 290268  2172 ?        S    16:14   0:00 /usr/libexec/trashapplet --oaf-activate-iid=OAFIID:GNOME_Panel_TrashApplet_Factory --oaf-ior-fd=30
mal       5161  0.0  0.0  10980   104 ?        S    16:14   0:00 gnome-pty-helper
mal       5162  0.0  0.0  88848   472 pts/0    Ss   16:14   0:00 bash
mal       5164  0.0  0.0  88848   532 pts/1    Ss   16:14   0:00 bash
mal       5169  0.0  0.0  88848   476 pts/2    Ss   16:14   0:00 bash
mal       5174  0.0  0.0 114636   292 ?        S    16:14   0:00 /usr/libexec/gvfsd-burn --spawner :1.8 /org/gtk/gvfs/exec_spaw/1
mal       5248  0.7  0.0 344124  5580 ?        S    16:14   0:06 /usr/libexec/clock-applet --oaf-activate-iid=OAFIID:GNOME_ClockApplet_Factory --oaf-ior-fd=23
mal       5250  0.0  0.0 337052  5224 ?        Sl   16:14   0:00 /usr/libexec/mixer_applet2 --oaf-activate-iid=OAFIID:GNOME_MixerApplet_Factory --oaf-ior-fd=32
mal       5253  0.0  0.0 293632  4744 ?        S    16:14   0:00 /usr/libexec/gdm-user-switch-applet --oaf-activate-iid=OAFIID:GNOME_FastUserSwitchApplet_Factory --oaf-ior-fd=38
mal       5255  0.0  0.0 283500  1576 ?        S    16:14   0:00 /usr/libexec/notification-area-applet --oaf-activate-iid=OAFIID:GNOME_NotificationAreaApplet_Factory --oaf-ior-fd=29
root      5316  0.0  0.0 130144   308 pts/2    S    16:16   0:00 su -l
root      5323  0.0  0.0  88848   448 pts/2    S+   16:16   0:00 -bash
root      5363  0.0  0.0 130144   308 pts/0    S    16:17   0:00 su -l
root      5369  0.0  0.0  88848   452 pts/0    S    16:17   0:00 -bash
mal       5582  5.5  0.1 222628 13508 ?        R    16:24   0:12 emacs -fn -bitstream-terminal-medium-r-normal--18-140-100-100-c-110-iso8859-1
mal       5583  3.5  0.0 200700  3816 ?        S    16:25   0:06 metacity --sm-client-id 2670f4421-bcb5-43d5-836d-f83e119ab415
mal       5585  0.0  0.0  86480   248 ?        S    16:25   0:00 /bin/sh /usr/lib64/firefox-3.0.2/run-mozilla.sh /usr/lib64/firefox-3.0.2/firefox
mal       5602 14.5  0.5 555272 41892 ?        Rl   16:25   0:24 /usr/lib64/firefox-3.0.2/firefox
root      5617  0.0  0.0  86484   164 pts/0    S+   16:25   0:00 sh -x vpn/a
root      5637  0.8  0.0  36340   452 pts/0    S+   16:25   0:01 racoon -F -d -d -d
mal       5668 25.5  0.0  88540   536 pts/1    R+   16:28   0:01 ps axuww
Comment 1 Sylwester Zarebski 2008-11-09 18:21:09 EST
The same happens on my Fedora 8 with ipsec-tools just updated to version 0.7.1-5.fc8, connecting to a Fortigate and another Linux box.

Interesting excerpt from the debug log (the rest is similar to what was reported):

2008-11-09 23:25:23: DEBUG: KEYMAT computed.
2008-11-09 23:25:23: DEBUG: call pk_sendupdate
2008-11-09 23:25:23: DEBUG: encryption(aes)
2008-11-09 23:25:23: DEBUG: hmac(sha1)
2008-11-09 23:25:23: DEBUG: call pfkey_send_update2
2008-11-09 23:25:23: DEBUG: pfkey update sent.
2008-11-09 23:25:23: DEBUG: encryption(aes)
2008-11-09 23:25:23: DEBUG: hmac(sha1)
2008-11-09 23:25:23: ERROR: pfkey add failed.
2008-11-09 23:25:23: ERROR: failed to process packet.
2008-11-09 23:25:23: ERROR: phase2 negotiation failed.
2008-11-09 23:25:23: DEBUG: an undead schedule has been deleted.
2008-11-09 23:25:23: DEBUG: IV freed

Going back to the original ipsec-tools-0.7-3.fc8.i386 made my VPN work.
Comment 2 Tomas Mraz 2008-11-10 03:29:43 EST
> every time I start this new ipsec I get OOM kill on 8Gb machine

Do you see the sealert in the ps output? It seems it leaks memory. I don't know whether it is related to this ipsec-tools problem but it should not leak memory anyway. So please open a bug report against setroubleshoot package for the leak problem.
Comment 3 Need Real Name 2008-11-10 03:54:41 EST
Yes, this looks very much like sealert. I posted a setroubleshoot bug report at
https://bugzilla.redhat.com/show_bug.cgi?id=470782
Comment 4 Tomas Mraz 2008-11-10 04:20:11 EST
Hmm, actually the failure to connect might be caused by sealert occupying the memory.

Can you please try to kill it and retry with the ipsec-tools-0.7.1?
Comment 5 Need Real Name 2008-11-10 04:36:15 EST
No, same problem.
The good thing with sealert stopped: the machine is stable and does not die.
But the VPN link does not get established.

2008-11-10 04:31:02: DEBUG: hmac(hmac_sha1)
2008-11-10 04:31:02: DEBUG: encryption(aes)
2008-11-10 04:31:02: DEBUG: hmac(sha1)
2008-11-10 04:31:02: DEBUG: encklen=256 authklen=160
2008-11-10 04:31:02: DEBUG: generating 640 bits of key (dupkeymat=4)
2008-11-10 04:31:02: DEBUG: generating K1...K4 for KEYMAT.
2008-11-10 04:31:02: DEBUG: hmac(hmac_sha1)
2008-11-10 04:31:02: DEBUG: hmac(hmac_sha1)
2008-11-10 04:31:02: DEBUG: hmac(hmac_sha1)
2008-11-10 04:31:02: DEBUG: 
2008-11-10 04:31:02: DEBUG: KEYMAT computed.
2008-11-10 04:31:02: DEBUG: call pk_sendupdate
2008-11-10 04:31:02: DEBUG: encryption(aes)
2008-11-10 04:31:02: DEBUG: hmac(sha1)
2008-11-10 04:31:02: DEBUG: call pfkey_send_update2
2008-11-10 04:31:02: DEBUG: pfkey update sent.
2008-11-10 04:31:02: DEBUG: encryption(aes)
2008-11-10 04:31:02: DEBUG: hmac(sha1)
2008-11-10 04:31:02: ERROR: pfkey add failed.
2008-11-10 04:31:02: ERROR: failed to process packet.
2008-11-10 04:31:02: ERROR: phase2 negotiation failed.
2008-11-10 04:31:02: DEBUG: an undead schedule has been deleted.
2008-11-10 04:31:02: DEBUG: IV freed
2008-11-10 04:31:02: DEBUG: pk_recv: retry[0] recv() 
2008-11-10 04:31:02: DEBUG: get pfkey UPDATE message
2008-11-10 04:31:02: DEBUG2: 
2008-11-10 04:31:02: DEBUG: seq 55 of UPDATE message not interesting
Comment 6 Need Real Name 2008-11-10 04:38:03 EST
Created attachment 323051
audit.log

audit.log file, just in case there is some conflict between selinux & racoon
Comment 7 Tomas Mraz 2008-11-10 05:39:22 EST

*** This bug has been marked as a duplicate of bug 470575 ***
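
A triage sketch for the racoon debug output quoted in this thread, added here as an example (not code from ipsec-tools or from the commenters): it splits a log into phase 2 attempts and reports whether each one failed in the IKE exchange, in key derivation, or while handing the SA to the kernel over PF_KEY. The function names, stage labels and the sample log (a shortened, constructed copy of the lines above) are assumptions of this example.

```python
import re

# Constructed sample: one phase 2 attempt shortened from the racoon debug output
# quoted in this report, repeated with a later timestamp to model the retry loop.
_ATTEMPT = """\
{ts}: DEBUG: encklen=256 authklen=160
{ts}: DEBUG: generating 640 bits of key (dupkeymat=4)
{ts}: DEBUG: KEYMAT computed.
{ts}: DEBUG: call pk_sendupdate
{ts}: DEBUG: pfkey update sent.
{ts}: ERROR: pfkey add failed.
{ts}: ERROR: failed to process packet.
{ts}: ERROR: phase2 negotiation failed.
"""
SAMPLE_LOG = "".join(_ATTEMPT.format(ts=t)
                     for t in ("2008-11-09 16:23:22", "2008-11-09 16:23:47"))

LINE_RE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d): (\w+): ?(.*)$")
KEYLEN_RE = re.compile(r"encklen=(\d+) authklen=(\d+)")
GEN_RE = re.compile(r"generating (\d+) bits of key")
MILESTONES = ("KEYMAT computed.", "pfkey update sent.")

def _classify(a):
    """Name the stage where an attempt failed (stage labels are this example's own)."""
    if not a["errors"]:
        return "no failure logged"
    if a["got_bits"] < a["need_bits"]:
        return "key derivation"  # less KEYMAT generated than the two keys need
    if "KEYMAT computed." in a["reached"] and a["errors"][0].startswith("pfkey "):
        return "SA installation (PF_KEY)"  # keys derived, handing the SA over failed
    return "IKE exchange"

def triage(log_text):
    """Split a racoon debug log into phase 2 attempts and classify each one."""
    attempts, cur = [], None
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # shell output, blank lines and other non-racoon text
        ts, level, msg = m.groups()
        if cur is None:
            cur = {"start": ts, "need_bits": 0, "got_bits": 0,
                   "reached": [], "errors": []}
        if (k := KEYLEN_RE.search(msg)):
            cur["need_bits"] = int(k.group(1)) + int(k.group(2))
        elif (g := GEN_RE.search(msg)):
            cur["got_bits"] = int(g.group(1))
        elif msg in MILESTONES and msg not in cur["reached"]:
            cur["reached"].append(msg)
        elif level == "ERROR":
            cur["errors"].append(msg)
        if msg == "phase2 negotiation failed.":  # racoon gave up on this attempt
            attempts.append(dict(cur, stage=_classify(cur)))
            cur = None
    if cur and (cur["reached"] or cur["errors"]):  # log ended mid-attempt
        attempts.append(dict(cur, stage=_classify(cur)))
    return attempts

def is_retry_loop(attempts):
    """True when at least two attempts failed and all of them at the same stage."""
    stages = [a["stage"] for a in attempts if a["errors"]]
    return len(stages) >= 2 and len(set(stages)) == 1

if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for a in result:
        print(a["start"], "|", a["stage"], "|", a["errors"][:1])
    print("retry loop:", is_retry_loop(result))
```

On the sample, both attempts derive 640 bits of KEYMAT for the 416 bits needed and then stop at the PF_KEY step, so the place to look is SA installation rather than the proposal or the peer.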
