forum.excito.com

Posted: **11 Aug 2011, 10:18**

My first post and immediately starting with a problem.

First of all I love the forum and the wiki. They've been a lot of help tweaking the B3 I recently purchased. Big thumbs up for all the help sofar.

Now for my problem. I followed the wiki on enabling ipsec and this appears to work fine as long as I use small portions of data, such as ping and listing folder contents through samba. However if I try to copy a file or access the B3 admin site, I'm seeing kernel messages being spit out:

Code: Select all

Message from syslogd@babaorum at Aug 11 15:13:54 ...
 kernel:[67605.757933] Internal error: Oops: 5 [#1]

Message from syslogd@babaorum at Aug 11 15:13:54 ...
 kernel:[67605.761834] last sysfs file: /sys/module/ecb/initstate

Message from syslogd@babaorum at Aug 11 15:13:54 ...
 kernel:[67605.887772] Process mv_crypto (pid: 563, stack limit = 0xdfb80270)

Message from syslogd@babaorum at Aug 11 15:13:54 ...
 kernel:[67605.893924] Stack: (0xdfb81ef4 to 0xdfb82000)

Message from syslogd@babaorum at Aug 11 15:13:54 ...
 kernel:[67605.898264] 1ee0:                                              000005c8 000005f0 00000028

Message from syslogd@babaorum at Aug 11 15:13:54 ...
 kernel:[67605.906405] 1f00: e0880080 e0880648 dfb516ec bf070c88 dfb516c0 000005f0 dd102520 bf071ea4

Message from syslogd@babaorum at Aug 11 15:13:54 ...
 kernel:[67605.914553] 1f20: dd1024e0 c037c4b0 dfb81f7c dfb81f38 bf070f04 bf070bf8 00000070 00000000

Message from syslogd@babaorum at Aug 11 15:13:54 ...
 kernel:[67605.922700] 1f40: 00000000 00000000 00000000 05f00080 00000000 00000000 dd1024e0 c7ee94c0

Message from syslogd@babaorum at Aug 11 15:13:54 ...
 kernel:[67605.930848] 1f60: bf071ea4 dfb80000 dd102520 00000000 dfb81fbc dfb81f80 bf0715b8 bf070e6c

Message from syslogd@babaorum at Aug 11 15:13:54 ...
 kernel:[67605.938995] 1f80: 000005f0 dfb516ec 00000000 dfb516c0 dfb81fbc dfb27cd8 dfb516c0 bf071144

Message from syslogd@babaorum at Aug 11 15:13:54 ...
 kernel:[67605.947142] 1fa0: 00000013 00000000 00000000 00000000 dfb81ff4 dfb81fc0 c0059708 bf071154

Message from syslogd@babaorum at Aug 11 15:13:54 ...
 kernel:[67605.955290] 1fc0: dfb27cd8 00000000 dfb516c0 00000000 dfb81fd0 dfb81fd0 00000000 dfb27cd8

Message from syslogd@babaorum at Aug 11 15:13:54 ...
 kernel:[67605.963437] 1fe0: c0059680 c004305c 00000000 dfb81ff8 c004305c c0059690 00000000 00000000

Message from syslogd@babaorum at Aug 11 15:13:54 ...
 kernel:[67606.026603] Code: ba000002 f5d1f03c f5d1f05c f5d1f07c (e8b151f8)

At this point the xfrm and esp modules are locked in memory and I have to restart the B3 to continue.

Anyone have a clue what's causing this and better still how to solve it?

Posted: **15 Aug 2011, 09:48**

I think I fixed it. Still testing to verify.

In short, something appears to be wrong with authcrypto in the ARM kernel. I installed the KLIPS module from the openswan source, which is actually what I'm also using on the LEAF box at the other end. Best thing yet is that this module gives me the ipsec0 device, offering a better way to view vpn traffic with tcpdump.

Posted: **18 Aug 2011, 12:50**

Confirmed

No more crashes since I switched to KLIPS. Should probably add this to the wiki.

# Note: regular manual will tell you to apt-get the openswan-modules-source, in which case you'll be pulling in the 2.6.28 version. I'm not sure why, but this one does not compile. Just get the latest one from the openswan site at http://www.openswan.org/code/ (currently version 2.6.35)

# Assuming you followed the wiki on enabling ipsec

Code: Select all

~# su -
~# cd /usr/src
/usr/src# wget http://www.openswan.org/download/openswan-2.6.35.tar.gz
/usr/src# tar jxvf openswan-2.6.35.tar.gz
/usr/src# cd openswan-2.6.35
/usr/src# make KERNELSRC=/lib/modules/`uname -r`/build module module_install
/usr/src#

# restart ipsec and verify that you now have an ipsec0 interface

Code: Select all

~# /etc/init.d/ipsec restart
ipsec_setup: Stopping Openswan IPsec...
ipsec_setup: Starting Openswan IPsec U2.6.28/K2.6.35...
~# ip addr show dev ipsec0
10: ipsec0: <NOARP,UP,LOWER_UP> mtu 16260 qdisc pfifo_fast state UNKNOWN qlen 10
    link/ether ??:??:??:??:??:?? brd ff:ff:ff:ff:ff:ff
    inet ???.???.???.???/?? brd 255.255.255.255 scope global ipsec0
    inet6 ????::???:???:????:????/?? scope link
       valid_lft forever preferred_lft forever
~#

(of course you will see something meaningful there instead of questionmarks. Note the versions that are printed when starting ipsec - K2.6.35 is the KLIPS version, not the kernel version!

Posted: **19 Aug 2011, 03:43**

Thanks a lot for posting your findings, appreciated!

Posted: **27 Dec 2011, 15:22**

Hi Gordon,

thanks a lot. You saved me a lot of time today, because I stumbled over the same problem. Moreover, I have bundled the openswan-module for the KLIPS stack in a suitable debian package such that other's don't need to recompile from the kernel (which can be a painful activity). Details can be found at this post: http://blog.schmoigl-online.de/?p=536.

forum.excito.com

[Solved] Oops on mv_crypto

[Solved] Oops on mv_crypto

Re: Oops on mv_crypto

Re: Oops on mv_crypto

Re: Oops on mv_crypto

Re: [Solved] Oops on mv_crypto