Bug #2794: The VICI Plugin Crashes the Daemon If the Peer ID Is Absent on Mediation Connections - strongSwan

Bug #2794

The VICI Plugin Crashes the Daemon If the Peer ID Is Absent on Mediation Connections

Added by M Thotager over 2 years ago. Updated about 2 years ago.

Status:

Closed

Priority:

Normal

Assignee:

Tobias Brunner

Category:

vici

Target version:

5.7.2

Start date:

Due date:

Estimated time:

Affected version:

5.7.1

Resolution:

Fixed

Description

Hi Team,

I used the below configuration in the ipsec.conf, I'm able to establish tunnels with the multiple peers as i've not mentioned the me_peerid (accroding to the man page , it says if me_peerid is not given it will take up as the right id which is '%any' in this case).

conn medsrv
                leftid=gateway@medsrv.org
                leftauth=psk
                right=10.11.70.111
                rightid=mediator@strongswan.org
                rightauth=psk
                mediation=yes
                auto=start

conn Gateway-Agent1
            leftauth=psk
            rightauth=psk
            leftid=gateway@strongswan.org
            right=%any
            rightid=%any
            leftsubnet=3.1.1.0/24
            rightsubnet=3.1.1.0/24
            mediated_by=medsrv
            auto=add

But the same functionality i'm not able to achieve through vici interface, if i don't add the "me_peerid" then i'm seeing the below dump. ( I tried with "%any" in the me_peerid then also it is failing but not dumping)

07[DMN] thread 7 received 11
07[LIB]  dumping 1 stack frame addresses:
07[LIB]   /lib/x86_64-linux-gnu/libpthread.so.0 @ 0x7f6f544ec000 [0x7f6f544fd390]
07[LIB]     -> ??:?
 dumping 1 stack frame addresses:
  /lib/x86_64-linux-gnu/libpthread.so.0 @ 0x7f6f544ec000 [0x7f6f544fd390]
    -> ??:?
07[DMN] killing ourself, received critical signal

Thanks,

Associated revisions

Revision 6e9cfe97 (diff)
Added by Tobias Brunner about 2 years ago

vici: Properly handle absence of peer ID on mediation connections

Fixes #2794.

History

#1 Updated by Tobias Brunner over 2 years ago

Tracker changed from Issue to Bug
Description updated (diff)
Category set to vici
Status changed from New to Feedback
Target version set to 5.7.2

I see. I've pushed a fix to the 2794-vici-peer-id branch. Without the patch you have to configure it explicitly (in your case to the same value as the local identity).

#2 Updated by M Thotager over 2 years ago

Thanks Brunner, I will try to apply this patch and verify the scenario

#3 Updated by Tobias Brunner about 2 years ago

Status changed from Feedback to Closed
Assignee set to Tobias Brunner
Resolution set to Fixed

#4 Updated by Tobias Brunner about 2 years ago

Subject changed from Mediation support to The VICI Plugin Crashes the Daemon If the Peer ID Is Absent on Mediation Connections

Also available in: Atom PDF

Project

General

Profile

strongSwan

Issues

New issues