3.3 Current ISAKMPD core crash with Policy Mismatch
- To: bugs_(_at_)_openbsd_(_dot_)_org
- Subject: 3.3 Current ISAKMPD core crash with Policy Mismatch
- From: David Casazza <dave_(_at_)_casazzafamily_(_dot_)_org>
- Date: Sun, 25 Jan 2004 10:17:57 -0500
Situation: Linksys VPN BEFVP41 to OBSD 3.3 Current ipsec link. IPSEC link
works perfectly when configured correctly, but with a change to the policy
file to reject the connection, isakmpd dumps core. Concerned about
possible DOS attacks. See comments below to see where configuration change
dumps core.

Also attached is tgz file with core dump, gdb -bt output at segmentation
fault. Core dump completed with debugging compiled into isakmpd. What is
used for 3.3 current isakmpd code is included for reference.

Please inform if I can test patched code or give more information. I *may*
be able to donate VPN router if needed.

Configuration that core dumps:
isakmpd.conf:
######################
[Phase 1]
Default= Dynamic-IP
# Phase 1 peer sections
#######################
[VPN_1]
Phase= 1
Transport= udp
Configuration= PGP-main-mode
Authentication= <sanitized>
#######################
[Dynamic-IP]
Phase= 1
Transport= udp
Configuration= PGP-main-mode
[PGP-main-mode]
DOI= IPSEC
EXCHANGE_TYPE= AGGRESSIVE
Transforms= 3DES-MD5-GRP2

isakmpd.policy:
KeyNote-Version: 2
Comment: This policy accepts ESP SAs from a remote that uses the right password
Authorizer: "POLICY"
Licensees: "VPN_1"

Authorizer: "VPN_1"
Licensees: "passphrase:<sanitized>"
Conditions: app_domain == "IPsec policy" &&
            esp_present == "yes" &&
            esp_enc_alg == "3des" &&
            esp_auth_alg == "hmac-md5" &&
            esp_life_seconds == "7200" &&
            esp_encapsulation == "tunnel" &&
            remote_filter_type == "IPv4 subnet" &&
            remote_filter == "192.168.001.000-192.168.001.255" &&
            local_filter_type == "IPv4 subnet" &&
            local_filter == "192.168.000.000-192.168.000.255" &&
            remote_id_type == "User FQDN" &&
            remote_id == "VPN_1" &&
            phase1_group_desc == "2" ;

BEFVP41 configuration:

VPN Screen:
Local Secure Group: 192.168.1.0/24
Remote Secure Group: 192.168.0.0/24
Remote IP Address: <sanitized>
3DES Encryption, MD5 Authentication
Key Management: Auto IKE
PFS - Disabled
Pre-shared Key: <sanitized>
Key LifeTime: 3600 <- which is causing the policy mismatch and the
crash. Changing this to 7200 allows the connection to complete and remain up.

Advanced Screen:
Aggressive Mode Selected
VPN_1 Username
Proposal 1: 3DES Encryption, MD5 Authentication, 1024-bit group, 3600 Key Lifetime
Proposal 2: 3DES Encryption, MD5 Authentication, 1024-bit group, 3600 Key
Lifetime <- which is causing the policy mismatch and the crash. Changing
this to 7200 allows the connection to complete and remain up.
Anti-replay, Keep-Alive options selected
[demime 0.98d removed an attachment of type application/x-compressed which had a name of isakmpd.tgz]
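
An added example (not part of the original report, and not isakmpd's own evaluation code): a pre-deployment check that parses the Conditions field of the isakmpd.policy above and lists which attributes of a peer's offer fail it, so a mismatch such as the 3600 versus 7200 lifetime is found from the configuration rather than from a failed negotiation. The function names and the two peer offers are constructed for illustration, and only flat `attr == "value"` terms joined by `&&` are handled, not full KeyNote syntax.

```python
import re

# Conditions field copied from the isakmpd.policy in the report.
POLICY_CONDITIONS = '''
app_domain == "IPsec policy" &&
esp_present == "yes" &&
esp_enc_alg == "3des" &&
esp_auth_alg == "hmac-md5" &&
esp_life_seconds == "7200" &&
esp_encapsulation == "tunnel" &&
remote_filter_type == "IPv4 subnet" &&
remote_filter == "192.168.001.000-192.168.001.255" &&
local_filter_type == "IPv4 subnet" &&
local_filter == "192.168.000.000-192.168.000.255" &&
remote_id_type == "User FQDN" &&
remote_id == "VPN_1" &&
phase1_group_desc == "2" ;
'''

TERM = re.compile(r'(\w+)\s*==\s*"([^"]*)"')

def parse_conditions(text):
    """Map attribute -> required value for a flat '&&' chain of string equality tests."""
    required = {}
    for term in text.strip().rstrip(";").split("&&"):
        m = TERM.fullmatch(term.strip())
        if m is None:
            raise ValueError(f"unsupported term: {term.strip()!r}")
        required[m.group(1)] = m.group(2)
    return required

def mismatches(required, offered):
    """Return (attribute, required, offered) for each term the offer fails.
    An attribute missing from the offer compares as "" (KeyNote's rule for unset attributes)."""
    return [(a, v, offered.get(a, "")) for a, v in required.items()
            if offered.get(a, "") != v]

REQUIRED = parse_conditions(POLICY_CONDITIONS)
# Constructed peer offers: everything matches the policy except the lifetime,
# modelling the BEFVP41 "Key LifeTime" field set to 3600 or 7200.
OFFER_3600 = dict(REQUIRED, esp_life_seconds="3600")
OFFER_7200 = dict(REQUIRED, esp_life_seconds="7200")

if __name__ == "__main__":
    for name, offer in (("3600", OFFER_3600), ("7200", OFFER_7200)):
        bad = mismatches(REQUIRED, offer)
        print(name, "rejected by policy:" if bad else "accepted by policy", bad)
```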