An upgrade to ipsec-tools-0.7.1-5.fc9.x86_64 broke my VPN links ipsec-tools-0.7-13.fc9.x86_64 is OK Linux comp 2.6.27.4-24.fc9.x86_64 #1 SMP Tue Nov 4 19:10:40 EST 2008 x86_64 x86_64 x86_64 GNU/Linux phase 1 passes OK, phase 2 fails. there was no such problem with ipsec-tools-0.7-13.fc9.x86_64 loops with 2008-11-09 16:23:22: DEBUG: compute DH's shared. 2008-11-09 16:23:22: DEBUG: 2008-11-09 16:23:22: DEBUG: hmac(hmac_sha1) 2008-11-09 16:23:22: DEBUG: encryption(aes) 2008-11-09 16:23:22: DEBUG: hmac(sha1) 2008-11-09 16:23:22: DEBUG: encklen=256 authklen=160 2008-11-09 16:23:22: DEBUG: generating 640 bits of key (dupkeymat=4) 2008-11-09 16:23:22: DEBUG: generating K1...K4 for KEYMAT. 2008-11-09 16:23:22: DEBUG: hmac(hmac_sha1) 2008-11-09 16:23:22: DEBUG: hmac(hmac_sha1) 2008-11-09 16:23:22: DEBUG: hmac(hmac_sha1) 2008-11-09 16:23:22: DEBUG: 2008-11-09 16:23:22: DEBUG: KEYMAT compute with 2008-11-09 16:23:22: DEBUG: 2008-11-09 16:23:22: DEBUG: hmac(hmac_sha1) 2008-11-09 16:23:22: DEBUG: encryption(aes) 2008-11-09 16:23:22: DEBUG: hmac(sha1) 2008-11-09 16:23:22: DEBUG: encklen=256 authklen=160 2008-11-09 16:23:22: DEBUG: generating 640 bits of key (dupkeymat=4) 2008-11-09 16:23:22: DEBUG: generating K1...K4 for KEYMAT. 2008-11-09 16:23:22: DEBUG: hmac(hmac_sha1) 2008-11-09 16:23:22: DEBUG: hmac(hmac_sha1) 2008-11-09 16:23:22: DEBUG: hmac(hmac_sha1) 2008-11-09 16:23:22: DEBUG: 2008-11-09 16:23:22: DEBUG: KEYMAT computed. 2008-11-09 16:23:22: DEBUG: call pk_sendupdate 2008-11-09 16:23:22: DEBUG: encryption(aes) 2008-11-09 16:23:22: DEBUG: hmac(sha1) 2008-11-09 16:23:22: DEBUG: call pfkey_send_update2 2008-11-09 16:23:22: DEBUG: pfkey update sent. 2008-11-09 16:23:22: DEBUG: encryption(aes) 2008-11-09 16:23:22: DEBUG: hmac(sha1) 2008-11-09 16:23:22: ERROR: pfkey add failed. 2008-11-09 16:23:22: ERROR: failed to process packet. 2008-11-09 16:23:22: ERROR: phase2 negotiation failed. 2008-11-09 16:23:22: DEBUG: an undead schedule has been deleted. 2008-11-09 16:23:22: DEBUG: IV freed 2008-11-09 16:23:22: DEBUG: pk_recv: retry[0] recv() 2008-11-09 16:23:22: DEBUG: get pfkey UPDATE message 2008-11-09 16:23:22: DEBUG2: 2008-11-09 16:23:22: DEBUG: seq 43 of UPDATE message not interesting. 2008-11-09 16:23:47: DEBUG: pk_recv: retry[0] recv() 2008-11-09 16:23:47: DEBUG: get pfkey ACQUIRE message 2008-11-09 16:23:47: DEBUG2: Also, I am not sure where the problem is, every time I start this new ipsec I get OOM kill on 8Gb machine #free total used free shared buffers cached Mem: 7682424 7644384 38040 0 808 7488 -/+ buffers/cache: 7636088 46336 Swap: 0 0 0 /proc/meminfo # cat /proc/meminfo MemTotal: 7682424 kB MemFree: 6958672 kB Buffers: 6232 kB Cached: 265960 kB SwapCached: 0 kB Active: 374988 kB Inactive: 205184 kB SwapTotal: 0 kB SwapFree: 0 kB Dirty: 4 kB Writeback: 0 kB AnonPages: 307980 kB Mapped: 56836 kB Slab: 39096 kB SReclaimable: 15272 kB SUnreclaim: 23824 kB PageTables: 25000 kB NFS_Unstable: 0 kB Bounce: 0 kB WritebackTmp: 0 kB CommitLimit: 3841212 kB Committed_AS: 645008 kB VmallocTotal: 34359738367 kB VmallocUsed: 286440 kB VmallocChunk: 34359451847 kB HugePages_Total: 0 HugePages_Free: 0 HugePages_Rsvd: 0 HugePages_Surp: 0 Hugepagesize: 2048 kB DirectMap4k: 9920 kB DirectMap2M: 7854080 kB # ps axuww USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND root 1 0.0 0.0 4044 256 ? Ss 15:50 0:00 /sbin/init root 2 0.0 0.0 0 0 ? S< 15:50 0:00 [kthreadd] root 3 0.0 0.0 0 0 ? S< 15:50 0:00 [migration/0] root 4 0.0 0.0 0 0 ? S< 15:50 0:00 [ksoftirqd/0] root 5 0.0 0.0 0 0 ? S< 15:50 0:00 [watchdog/0] root 6 0.0 0.0 0 0 ? S< 15:50 0:00 [migration/1] root 7 0.0 0.0 0 0 ? S< 15:50 0:00 [ksoftirqd/1] root 8 0.0 0.0 0 0 ? S< 15:50 0:00 [watchdog/1] root 9 0.0 0.0 0 0 ? S< 15:50 0:00 [events/0] root 10 0.0 0.0 0 0 ? S< 15:50 0:00 [events/1] root 11 0.0 0.0 0 0 ? S< 15:50 0:00 [khelper] root 68 0.0 0.0 0 0 ? S< 15:50 0:00 [kintegrityd/0] root 69 0.0 0.0 0 0 ? S< 15:50 0:00 [kintegrityd/1] root 71 0.0 0.0 0 0 ? S< 15:50 0:00 [kblockd/0] root 72 0.0 0.0 0 0 ? S< 15:50 0:00 [kblockd/1] root 74 0.0 0.0 0 0 ? S< 15:50 0:00 [kacpid] root 75 0.0 0.0 0 0 ? S< 15:50 0:00 [kacpi_notify] root 165 0.0 0.0 0 0 ? S< 15:50 0:00 [cqueue] root 167 0.0 0.0 0 0 ? S< 15:50 0:00 [ksuspend_usbd] root 172 0.0 0.0 0 0 ? S< 15:50 0:00 [khubd] root 175 0.0 0.0 0 0 ? S< 15:50 0:00 [kseriod] root 234 4.4 0.0 0 0 ? R< 15:50 1:41 [kswapd0] root 281 0.0 0.0 0 0 ? S< 15:50 0:00 [aio/0] root 282 0.0 0.0 0 0 ? S< 15:50 0:00 [aio/1] root 460 0.0 0.0 0 0 ? S< 15:50 0:00 [kpsmoused] root 503 0.0 0.0 0 0 ? S< 15:50 0:00 [ata/0] root 504 0.0 0.0 0 0 ? S< 15:50 0:00 [ata/1] root 505 0.0 0.0 0 0 ? S< 15:50 0:00 [ata_aux] root 509 0.0 0.0 0 0 ? S< 15:50 0:00 [scsi_eh_0] root 510 0.0 0.0 0 0 ? S< 15:50 0:00 [scsi_eh_1] root 511 0.0 0.0 0 0 ? S< 15:50 0:00 [scsi_eh_2] root 512 0.0 0.0 0 0 ? S< 15:50 0:00 [scsi_eh_3] root 513 0.0 0.0 0 0 ? S< 15:50 0:00 [scsi_eh_4] root 514 0.0 0.0 0 0 ? S< 15:50 0:00 [scsi_eh_5] root 523 0.0 0.0 0 0 ? S< 15:51 0:00 [kjournald] root 577 0.0 0.0 13436 1144 ? S<s 15:51 0:00 /sbin/udevd -d root 960 0.0 0.0 0 0 ? S< 15:51 0:00 [scsi_eh_6] root 964 0.0 0.0 0 0 ? S< 15:51 0:00 [scsi_eh_7] root 1119 0.1 0.0 0 0 ? S< 15:51 0:02 [kauditd] root 1593 0.0 0.0 0 0 ? S< 15:51 0:00 [md0_raid1] root 1612 0.0 0.0 0 0 ? S< 15:51 0:00 [kstriped] root 1627 0.0 0.0 0 0 ? S< 15:51 0:00 [kmpathd/0] root 1629 0.0 0.0 0 0 ? S< 15:51 0:00 [kmpathd/1] root 1630 0.0 0.0 0 0 ? S< 15:51 0:00 [kmpath_handlerd] root 1668 0.0 0.0 0 0 ? S< 15:51 0:00 [kjournald] root 1669 0.0 0.0 0 0 ? S< 15:51 0:01 [kjournald] root 1670 0.0 0.0 0 0 ? S< 15:51 0:01 [kjournald] root 1671 0.0 0.0 0 0 ? S< 15:51 0:00 [kjournald] root 1672 0.0 0.0 0 0 ? S< 15:51 0:00 [kjournald] root 1673 0.0 0.0 0 0 ? S< 15:51 0:00 [kjournald] root 1674 0.0 0.0 0 0 ? S< 15:51 0:00 [kjournald] root 2017 0.4 0.0 23224 276 ? S<sl 15:51 0:09 auditd root 2019 0.5 0.0 147448 536 ? S<sl 15:51 0:11 /sbin/audispd root 2032 0.0 0.1 19116 9060 ? Ss 15:51 0:00 /usr/sbin/restorecond root 2039 0.5 0.0 191752 1112 ? Sl 15:51 0:11 rsyslogd -c 3 root 2050 0.6 0.0 6840 252 ? Ss 15:51 0:14 irqbalance rpc 2056 0.2 0.0 18764 220 ? Ss 15:51 0:04 rpcbind rpcuser 2074 0.0 0.0 10244 136 ? Ss 15:51 0:00 rpc.statd root 2115 0.2 0.0 4056 112 ? Ss 15:51 0:05 mdadm --monitor --scan -f --pid-file=/var/run/mdadm/mdadm.pid root 2137 0.0 0.0 0 0 ? S< 15:51 0:00 [rpciod/0] root 2138 0.0 0.0 0 0 ? S< 15:51 0:00 [rpciod/1] root 2145 0.0 0.0 55232 504 ? Ss 15:51 0:00 rpc.idmapd root 2161 0.0 0.0 0 0 ? S< 15:51 0:00 [btaddconn] root 2163 0.0 0.0 0 0 ? S< 15:51 0:00 [btdelconn] root 2175 0.0 0.0 0 0 ? S< 15:51 0:00 [krfcommd] dbus 2183 0.0 0.0 34648 880 ? Ssl 15:51 0:01 dbus-daemon --system root 2230 0.0 0.0 21144 808 ? Ssl 15:51 0:00 pcscd root 2238 0.0 0.0 3896 112 ? Ss 15:51 0:00 /usr/sbin/acpid 68 2246 0.9 0.0 30280 1112 ? Ss 15:51 0:22 hald root 2249 0.8 0.0 100784 1664 ? Ssl 15:51 0:19 /usr/sbin/console-kit-daemon root 2250 0.4 0.0 17836 192 ? S 15:51 0:10 hald-runner root 2330 0.4 0.0 19952 156 ? S 15:51 0:09 hald-addon-input: Listening on /dev/input/event1 /dev/input/event0 /dev/input/event3 68 2340 0.0 0.0 12456 116 ? S 15:51 0:00 hald-addon-acpi: listening on acpid socket /var/run/acpid.socket root 2353 1.0 0.0 19948 256 ? S 15:51 0:23 hald-addon-storage: polling /dev/sr0 (every 2 sec) root 2390 4.0 9.3 995728 720052 ? Ssl 15:51 1:29 /usr/bin/python -E /usr/sbin/setroubleshootd root 2399 0.0 0.0 63348 568 ? Ss 15:51 0:00 /usr/sbin/sshd ntp 2406 0.5 0.0 27652 432 ? Ss 15:51 0:11 ntpd -u ntp:ntp -p /var/run/ntpd.pid -g root 2462 0.2 0.0 58636 628 ? Ss 15:51 0:05 /usr/libexec/postfix/master root 2470 0.3 0.0 6560 104 ? Ss 15:51 0:07 /usr/sbin/gpm -m /dev/input/mice -t exps2 postfix 2475 0.1 0.0 58716 596 ? S 15:51 0:02 pickup -l -t fifo -u postfix 2476 0.0 0.0 58780 608 ? S 15:51 0:00 qmgr -l -t fifo -u root 2479 0.2 0.0 101824 592 ? Ss 15:51 0:04 crond root 2487 0.5 0.0 81812 472 ? Ss 15:51 0:12 kerneloops root 2493 0.0 0.0 23348 160 ? Ss 15:51 0:00 /usr/sbin/atd avahi 2501 0.0 0.0 23316 224 ? Ss 15:51 0:00 avahi-daemon: running [comp.local] avahi 2502 0.0 0.0 23316 156 ? Ss 15:51 0:00 avahi-daemon: chroot helper root 2509 0.0 0.0 160076 1020 ? Ss 15:51 0:00 cupsd root 2530 0.0 0.0 12152 284 ? S 15:51 0:00 /usr/sbin/smartd -q never root 2533 0.0 0.0 69748 744 ? Ss 15:51 0:00 login -- mal root 2534 0.0 0.0 3884 76 tty5 Ss+ 15:51 0:00 /sbin/mingetty tty5 root 2535 0.0 0.0 69748 744 ? Ss 15:51 0:00 login -- root root 2536 0.0 0.0 69748 740 ? Ss 15:51 0:00 login -- mal root 2537 0.0 0.0 3884 72 tty1 Ss+ 15:51 0:00 /sbin/mingetty tty1 root 2538 0.0 0.0 3884 72 tty6 Ss+ 15:51 0:00 /sbin/mingetty tty6 root 2575 0.2 0.0 88844 456 tty2 Ss+ 15:51 0:04 -bash mal 2870 0.0 0.0 88848 484 tty3 Ss 15:51 0:00 -bash root 3314 0.0 0.0 71804 700 ? S 15:53 0:00 /usr/sbin/nm-system-settings --config /etc/NetworkManager/nm-system-settings.conf mal 3659 0.1 0.0 88848 488 tty4 Ss+ 15:53 0:03 -bash root 4524 0.0 0.0 0 0 ? S 16:10 0:00 [pdflush] root 4525 0.0 0.0 0 0 ? S 16:10 0:00 [pdflush] mal 4942 0.0 0.0 86480 184 tty3 S+ 16:13 0:00 /bin/sh /usr/bin/startx mal 4960 0.0 0.0 17404 140 tty3 S+ 16:13 0:00 xinit /etc/X11/xinit/xinitrc -- /usr/bin/X :0 -auth /home/mal/.serverauth.4942 root 4961 5.5 0.5 127676 40700 tty7 Rs+ 16:13 0:47 /usr/bin/X :0 -auth /home/mal/.serverauth.4942 mal 4990 0.0 0.0 10300 96 ? Ss 16:13 0:00 /usr/bin/ck-xinit-session /usr/bin/ssh-agent /etc/X11/xinit/Xclients mal 4999 0.0 0.0 21576 188 ? S 16:13 0:00 dbus-launch --sh-syntax --exit-with-session mal 5000 0.0 0.0 34264 500 ? Ssl 16:13 0:00 /bin/dbus-daemon --fork --print-pid 5 --print-address 7 --session mal 5008 0.1 0.0 273640 1432 ? Sl 16:13 0:01 /usr/bin/gnome-session mal 5016 0.0 0.0 0 0 ? Zs 16:13 0:00 [ssh-agent] <defunct> mal 5059 0.2 0.0 109904 4268 ? S 16:13 0:02 /usr/libexec/gconfd-2 5 mal 5061 0.0 0.0 132200 624 ? SL 16:13 0:00 /usr/bin/gnome-keyring-daemon mal 5064 0.2 0.0 405840 2500 ? Sl 16:13 0:02 /usr/libexec/gnome-settings-daemon mal 5067 0.6 0.0 237624 3064 ? Sl 16:13 0:05 /usr/bin/pulseaudio --log-target=syslog mal 5071 0.0 0.0 47272 312 ? S 16:13 0:00 /usr/libexec/pulse/gconf-helper mal 5080 0.3 0.0 218272 1268 ? Ss 16:13 0:02 gnome-screensaver mal 5092 0.9 0.3 508536 27116 ? R 16:13 0:08 nautilus --sm-config-prefix /nautilus-cB3VZW/ --sm-client-id 2bb7338c0-1676-442a-be73-a8fdab16d935 --screen 0 --load-session /home/mal/.nautilus/saved-session-NN52HU mal 5093 1.0 0.0 315132 6660 ? S 16:13 0:09 gnome-panel --sm-config-prefix /gnome-panel-HItOu2/ --sm-client-id 2f852b573-83e0-46ac-8f96-7e24675b40bf --screen 0 mal 5095 0.0 0.0 222272 916 ? Ssl 16:13 0:00 /usr/libexec/bonobo-activation-server --ac-activate --ior-output-fd=16 mal 5098 2.5 0.1 354844 12044 ? Rl 16:13 0:22 gnome-terminal --sm-config-prefix /gnome-terminal-qXfmwZ/ --sm-client-id 24ffcd028-3337-4481-8dec-99fcdf828b0a --screen 0 --window-with-profile-internal-id=Default --show-menubar --role=gnome-terminal-2485-565029246-1221634466 --active --geometry 80x24+240+55 --title mal@comp90:~ --working-directory /home/mal --zoom 1 --window-with-profile-internal-id=Default --show-menubar --role=gnome-terminal-2485-1599963249-1221634467 --active --geometry 80x24+233+473 --title mal@comp90:~ --working-directory /home/mal --zoom 1 --window-with-profile-internal-id=Default --show-menubar --role=gnome-terminal-2485--733546183-1221634479 --active --geometry 80x24+189+202 --title mal@comp90:~ --working-directory /home/mal --zoom 1 mal 5099 0.0 0.0 196248 1156 ? S 16:13 0:00 bluetooth-applet --singleton mal 5101 0.0 0.0 232216 4924 ? S 16:13 0:00 gpk-update-icon mal 5112 0.0 0.0 182852 868 ? S 16:14 0:00 kerneloops-applet mal 5114 0.0 0.1 269084 8276 ? S 16:14 0:00 python /usr/share/system-config-printer/applet.py mal 5115 0.0 0.0 246032 2592 ? S 16:14 0:00 nm-applet --sm-disable mal 5118 0.0 0.0 114608 292 ? S 16:14 0:00 /usr/libexec/gvfsd mal 5119 0.0 0.0 176008 740 ? S 16:14 0:00 /usr/bin/pam-panel-icon --sm-client-id 23f0cf53a-eab4-4540-9137-e8915bd37a93 mal 5120 0.3 0.0 302452 2552 ? Ss 16:14 0:03 gnome-power-manager --sm-config-prefix /gnome-power-manager-G9D3oX/ --sm-client-id 2ed9a5d41-f95f-4879-b173-d7db676593f8 --screen 0 root 5122 0.3 0.0 19120 224 ? S 16:14 0:03 /sbin/pam_timestamp_check -d root mal 5130 0.0 0.0 68480 560 ? Ssl 16:14 0:00 /usr/libexec//gvfs-fuse-daemon /home/mal/.gvfs mal 5143 0.0 0.0 192760 496 ? S 16:14 0:00 /usr/libexec/gvfsd-trash --spawner :1.8 /org/gtk/gvfs/exec_spaw/0 mal 5151 80.2 84.8 6958336 6521896 ? R 16:14 11:32 /usr/bin/python -E /usr/bin/sealert -s mal 5156 1.2 0.0 300816 6856 ? S 16:14 0:11 /usr/libexec/wnck-applet --oaf-activate-iid=OAFIID:GNOME_Wncklet_Factory --oaf-ior-fd=22 mal 5159 0.0 0.0 290268 2172 ? S 16:14 0:00 /usr/libexec/trashapplet --oaf-activate-iid=OAFIID:GNOME_Panel_TrashApplet_Factory --oaf-ior-fd=30 mal 5161 0.0 0.0 10980 104 ? S 16:14 0:00 gnome-pty-helper mal 5162 0.0 0.0 88848 472 pts/0 Ss 16:14 0:00 bash mal 5164 0.0 0.0 88848 532 pts/1 Ss 16:14 0:00 bash mal 5169 0.0 0.0 88848 476 pts/2 Ss 16:14 0:00 bash mal 5174 0.0 0.0 114636 292 ? S 16:14 0:00 /usr/libexec/gvfsd-burn --spawner :1.8 /org/gtk/gvfs/exec_spaw/1 mal 5248 0.7 0.0 344124 5580 ? S 16:14 0:06 /usr/libexec/clock-applet --oaf-activate-iid=OAFIID:GNOME_ClockApplet_Factory --oaf-ior-fd=23 mal 5250 0.0 0.0 337052 5224 ? Sl 16:14 0:00 /usr/libexec/mixer_applet2 --oaf-activate-iid=OAFIID:GNOME_MixerApplet_Factory --oaf-ior-fd=32 mal 5253 0.0 0.0 293632 4744 ? S 16:14 0:00 /usr/libexec/gdm-user-switch-applet --oaf-activate-iid=OAFIID:GNOME_FastUserSwitchApplet_Factory --oaf-ior-fd=38 mal 5255 0.0 0.0 283500 1576 ? S 16:14 0:00 /usr/libexec/notification-area-applet --oaf-activate-iid=OAFIID:GNOME_NotificationAreaApplet_Factory --oaf-ior-fd=29 root 5316 0.0 0.0 130144 308 pts/2 S 16:16 0:00 su -l root 5323 0.0 0.0 88848 448 pts/2 S+ 16:16 0:00 -bash root 5363 0.0 0.0 130144 308 pts/0 S 16:17 0:00 su -l root 5369 0.0 0.0 88848 452 pts/0 S 16:17 0:00 -bash mal 5582 5.5 0.1 222628 13508 ? R 16:24 0:12 emacs -fn -bitstream-terminal-medium-r-normal--18-140-100-100-c-110-iso8859-1 mal 5583 3.5 0.0 200700 3816 ? S 16:25 0:06 metacity --sm-client-id 2670f4421-bcb5-43d5-836d-f83e119ab415 mal 5585 0.0 0.0 86480 248 ? S 16:25 0:00 /bin/sh /usr/lib64/firefox-3.0.2/run-mozilla.sh /usr/lib64/firefox-3.0.2/firefox mal 5602 14.5 0.5 555272 41892 ? Rl 16:25 0:24 /usr/lib64/firefox-3.0.2/firefox root 5617 0.0 0.0 86484 164 pts/0 S+ 16:25 0:00 sh -x vpn/a root 5637 0.8 0.0 36340 452 pts/0 S+ 16:25 0:01 racoon -F -d -d -d mal 5668 25.5 0.0 88540 536 pts/1 R+ 16:28 0:01 ps axuww
The same is on my Fedora 8 with just updated ipsec-tools to version 0.7.1-5.fc8 connecting to Fortigate and another Linux box. cut interesting from debug log (the rest is similar to reported): 2008-11-09 23:25:23: DEBUG: KEYMAT computed. 2008-11-09 23:25:23: DEBUG: call pk_sendupdate 2008-11-09 23:25:23: DEBUG: encryption(aes) 2008-11-09 23:25:23: DEBUG: hmac(sha1) 2008-11-09 23:25:23: DEBUG: call pfkey_send_update2 2008-11-09 23:25:23: DEBUG: pfkey update sent. 2008-11-09 23:25:23: DEBUG: encryption(aes) 2008-11-09 23:25:23: DEBUG: hmac(sha1) 2008-11-09 23:25:23: ERROR: pfkey add failed. 2008-11-09 23:25:23: ERROR: failed to process packet. 2008-11-09 23:25:23: ERROR: phase2 negotiation failed. 2008-11-09 23:25:23: DEBUG: an undead schedule has been deleted. 2008-11-09 23:25:23: DEBUG: IV freed Backing to original ipsec-tools-0.7-3.fc8.i386 made my VPN working.
> every time I start this new ipsec I get OOM kill on 8Gb machine Do you see the sealert in the ps output? It seems it leaks memory. I don't know whether it is related to this ipsec-tools problem but it should not leak memory anyway. So please open a bug report against setroubleshoot package for the leak problem.
yes, this look very much as sealert. I posted setroubleshoot bug report at https://bugzilla.redhat.com/show_bug.cgi?id=470782
Hmm actually the failure to connect might be caused by the sealert occupying the memory. Can you please try to kill it and retry with the ipsec-tools-0.7.1?
No, same problem. The good thing with sealert stopped - machine is stable and does not die. But VPN link does not get established. 2008-11-10 04:31:02: DEBUG: hmac(hmac_sha1) 2008-11-10 04:31:02: DEBUG: encryption(aes) 2008-11-10 04:31:02: DEBUG: hmac(sha1) 2008-11-10 04:31:02: DEBUG: encklen=256 authklen=160 2008-11-10 04:31:02: DEBUG: generating 640 bits of key (dupkeymat=4) 2008-11-10 04:31:02: DEBUG: generating K1...K4 for KEYMAT. 2008-11-10 04:31:02: DEBUG: hmac(hmac_sha1) 2008-11-10 04:31:02: DEBUG: hmac(hmac_sha1) 2008-11-10 04:31:02: DEBUG: hmac(hmac_sha1) 2008-11-10 04:31:02: DEBUG: 2008-11-10 04:31:02: DEBUG: KEYMAT computed. 2008-11-10 04:31:02: DEBUG: call pk_sendupdate 2008-11-10 04:31:02: DEBUG: encryption(aes) 2008-11-10 04:31:02: DEBUG: hmac(sha1) 2008-11-10 04:31:02: DEBUG: call pfkey_send_update2 2008-11-10 04:31:02: DEBUG: pfkey update sent. 2008-11-10 04:31:02: DEBUG: encryption(aes) 2008-11-10 04:31:02: DEBUG: hmac(sha1) 2008-11-10 04:31:02: ERROR: pfkey add failed. 2008-11-10 04:31:02: ERROR: failed to process packet. 2008-11-10 04:31:02: ERROR: phase2 negotiation failed. 2008-11-10 04:31:02: DEBUG: an undead schedule has been deleted. 2008-11-10 04:31:02: DEBUG: IV freed 2008-11-10 04:31:02: DEBUG: pk_recv: retry[0] recv() 2008-11-10 04:31:02: DEBUG: get pfkey UPDATE message 2008-11-10 04:31:02: DEBUG2: 2008-11-10 04:31:02: DEBUG: seq 55 of UPDATE message not interesting
Created attachment 323051 [details] audit.log audit.log file, just in case there is some conflict between selinux & racoon
*** This bug has been marked as a duplicate of bug 470575 ***