enkil
Tux's lil' helper
Joined: 27 Apr 2004
Posts: 115
Location: Bern, Switzerland
|
 Posted: Tue Jun 21, 2005 10:38 am Post subject: OpenVPN vs. cisco-vpnclient: Kernel error |
 |
|
I have some troubles running cisco-vpnclient to connect to a corporate network and running an openvpn-server.
I need the cisco-client to have an internet-connection. Running the openvpn-server is no problem at first. But when I stop the openvpn-server, openvpn tries to unload the tap-device which results in the following kernel-error:
| Code: | Jun 21 11:46:33 sphere Unable to handle kernel NULL pointer dereference at virtual address 00000035
Jun 21 11:46:33 sphere printing eip:
Jun 21 11:46:33 sphere e11b033a
Jun 21 11:46:33 sphere *pde = 00000000
Jun 21 11:46:33 sphere Oops: 0000 [#1]
Jun 21 11:46:33 sphere PREEMPT
Jun 21 11:46:33 sphere Modules linked in: cisco_ipsec snd_seq_midi snd_emu10k1_synth snd_emux_synth snd_seq_virmidi snd_seq_midi_emul unionfs ir_kbd_i2c ir_common tuner tvaudio msp3400 bttv video_buf firmware_class btcx_risc tveeprom nvidia apm snd_emu10k1 snd_rawmidi snd_ac97_codec snd_util_mem snd_hwdep
Jun 21 11:46:33 sphere CPU: 0
Jun 21 11:46:33 sphere EIP: 0060:[<e11b033a>] Tainted: P VLI
Jun 21 11:46:33 sphere EFLAGS: 00210202 (2.6.12-gentoo)
Jun 21 11:46:33 sphere EIP is at getbindingbydev+0x1a/0x40 [cisco_ipsec]
Jun 21 11:46:33 sphere eax: 00000001 ebx: e1226660 ecx: 00000014 edx: 00000320
Jun 21 11:46:33 sphere esi: d1a64400 edi: 00000006 ebp: d1a64428 esp: db701ed4
Jun 21 11:46:33 sphere ds: 007b es: 007b ss: 0068
Jun 21 11:46:33 sphere Process openvpn (pid: 19884, threadinfo=db700000 task=c0f410a0)
Jun 21 11:46:33 sphere Stack: ffffffff d1a64400 e11affc0 d1a64400 d1a64428 c0479e37 c05cc860 e11f1164
Jun 21 11:46:33 sphere d1a64400 00000006 e11b02ea d1a64400 c0122285 e11f1164 00000006 d1a64400
Jun 21 11:46:33 sphere d1a64400 d1a64400 c065a1d8 c0441077 c065a5c0 00000006 d1a64400 ffffffff
Jun 21 11:46:33 sphere Call Trace:
Jun 21 11:46:33 sphere [<e11affc0>] remove_netdev+0x20/0x70 [cisco_ipsec]
Jun 21 11:46:33 sphere [<c0479e37>] arp_ifdown+0x17/0x20
Jun 21 11:46:33 sphere [<e11b02ea>] handle_netdev_event+0x3a/0x50 [cisco_ipsec]
Jun 21 11:46:33 sphere [<c0122285>] notifier_call_chain+0x25/0x40
Jun 21 11:46:33 sphere [<c0441077>] unregister_netdevice+0x157/0x290
Jun 21 11:46:33 sphere [<c0366d27>] tun_chr_close+0x87/0x90
Jun 21 11:46:33 sphere [<c01558dc>] __fput+0x15c/0x1a0
Jun 21 11:46:33 sphere [<c0153d02>] filp_close+0x52/0xa0
Jun 21 11:46:33 sphere [<c0153da8>] sys_close+0x58/0xa0
Jun 21 11:46:33 sphere [<c0102d0b>] sysenter_past_esp+0x54/0x75
Jun 21 11:46:33 sphere Code: 00 00 c3 8d b4 26 00 00 00 00 8d bc 27 00 00 00 00 56 31 c9 31 d2 53 8b 74 24 0c bb 40 63 22 e1 90 8b 82 40 63 22 e1 85 c0 74 08 <8b> 40 34 39 46 34 74 11 41 83 c2 28 83 c3 28 83 f9 14 7e e2 5b |
I think the problem is related to the open connection with the cisco-client. If I disconnect my cisco-vpn-connection and try to rmmod cisco_ipsec, rmmod freezes (-f doesn't change anything). Therefor I'm not able to shut down my system properly.
I use ethernet-bridging in openvpn and need a tap-device which is dynamically created/destroyed by the openvpn-server.
I don't think cisco's support is able to help me. In order to allow running the openvpn-server using the tap-device, I had to patch interceptor.c to "unlock" tapX. Otherwise all traffic on the other network-devices (eth1, tap0) is blocked by the cisco-client (*grrr*).
Okay, here's a small summary: If I shut down my openvpn-server while being connected to the corporate-network using cisco-vpnclient, the openvpn-process freezes when trying to unload the tap-device resulting in the mentioned kernel-error. I cannot kill the openvpn-process, nor can I unload the module cisco_ipsec.
Is it possible to create tapX not dynamically but somehow static? If I use openvpn --mktun and change my server-configuration, openvpn is unable to open the created tap-device. |
|
Networking & Security
