
Site to Site VPN with Mac OS X Server and a NetScreen

A client needs to have a Site to Site VPN between a server at their office and a NetScreen at their colo.

I did a fresh install of Leopard Server, fully and cleanly updated to 10.5.8, running on a G4 Mac mini to make sure I can configure both sides properly.
My test server is on a clean public static IP address for the built-in Ethernet.
The secondary Ethernet interface is a USB Ethernet adapter for the private side of the network.

The system has no issues until…

I used the s2svpnadmin CLI tool to create a new shared-secret IPSec tunnel to a NetScreen at our colo.
Very basic setup, nothing fancy (not that the tool lets you do anything fancy).

After creating the config I start to get these entries in my system.log:

Mar 10 12:55:56 test1 vpnd[1614]: Server ‘TestColo’ starting…
Mar 10 12:55:56 test1 TestColo[1614]: 2010-03-10 12:55:56 CST    Server ‘TestColo’ starting…
Mar 10 12:55:56 test1 vpnd[1614]: Listening for connections…
Mar 10 12:55:56 test1 TestColo[1614]: 2010-03-10 12:55:56 CST    Listening for connections…
Mar 10 12:55:57 test1 ReportCrash[1615]: Formulating crash report for process vpnd[1614]
Mar 10 12:55:57 test1 com.apple.launchd[1] (TestColo[1614]): Exited abnormally: Bus error
Mar 10 12:55:57 test1 com.apple.launchd[1] (TestColo): Throttling respawn: Will start in 9 seconds
Mar 10 12:55:57 test1 ReportCrash[1615]: Saved crashreport to /Library/Logs/CrashReporter/vpnd_2010-03-10-125556_MacServe-Test1.crash using uid: 0 gid: 0, euid: 0 egid: 0

and looking at the crash report:

Process:         vpnd [1614]
Path:            /usr/sbin/vpnd
Identifier:      vpnd
Version:         ??? (???)
Code Type:       PPC (Native)
Parent Process:  launchd [1]

Date/Time:       2010-03-10 12:55:56.252 -0600
OS Version:      Mac OS X Server 10.5.8 (9L34)
Report Version:  6
Anonymous UUID:  7E25DC5D-7D93-42B5-8F69-F7C823244418

Exception Type:  EXC_BAD_ACCESS (SIGBUS)
Exception Codes: KERN_PROTECTION_FAILURE at 0x0000000000000000
Crashed Thread:  0

Thread 0 Crashed:
0   ???                               0000000000 0 + 0
1   vpnd                              0x0000444c accept_connections + 1280
2   vpnd                              0x00002a08 main + 1572
3   vpnd                              0x00001a48 start + 68
4   ???                               0000000000 0 + 0

Thread 0 crashed with PPC Thread State 32:
srr0: 0x00000000  srr1: 0x4200f030   dar: 0x000513b0 dsisr: 0x42000000

…. etc. etc.

I do NOT have the VPN service “running”.

I did find this post on Apple discussions:

http://discussions.apple.com/thread.jspa?threadID=1491028#7116067

and followed the poster's directions for manually starting the tunnel.
I still get a bit of fussing, but no crash.
I checked the IPSec SA/SPD info with setkey -PD and ran some basic pings across the network, and the tunnel is active.

The crashing doesn’t seem to be CPU architecture dependent, as my system is PPC and the OP on the Apple board is using an x86 machine.

Kind of a bummer. It looks like there is probably some really simple issue here as the crash apparently happens very early in the setup process: “accept_connections”.

Hopefully this will help someone in the future.

Oh and FYI:

Leopard Server IPSec parameters for a Shared Secret based VPN:

Phase 1: Diffie-Hellman Group 2, 3DES, MD5, lifetime: 28800

Phase 2: No Perfect Forward Secrecy; Encapsulated Packet (no AH); AES128 encryption; SHA1 hash; lifetime: 3600; Compression: Deflate (this is optional)
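
The vpnd crash loop in the system.log excerpt above can be picked out of a longer log by correlating launchd's "Exited abnormally" and "Throttling respawn" messages with the ReportCrash entries. The Python below is an added example, not part of the original post; the function name, the threshold and the last four sample log lines are constructed for illustration.

```python
import re
# Patterns for the launchd and ReportCrash messages shown in the post's system.log.
EXITED = re.compile(r"com\.apple\.launchd\[1\] \((?P<job>[^)\[]+)\[(?P<pid>\d+)\]\): "
                    r"Exited abnormally: (?P<reason>.+)")
THROTTLED = re.compile(r"com\.apple\.launchd\[1\] \((?P<job>[^)\[]+)\): Throttling respawn")
CRASHED = re.compile(r"ReportCrash\[\d+\]: Formulating crash report for process "
                     r"(?P<proc>[^\[\s]+)\[(?P<pid>\d+)\]")
SAVED = re.compile(r"ReportCrash\[\d+\]: Saved crashreport to (?P<path>\S+)")

# The first four lines come from the post; the last four are constructed for this example.
SAMPLE_LOG = """\
Mar 10 12:55:57 test1 ReportCrash[1615]: Formulating crash report for process vpnd[1614]
Mar 10 12:55:57 test1 com.apple.launchd[1] (TestColo[1614]): Exited abnormally: Bus error
Mar 10 12:55:57 test1 com.apple.launchd[1] (TestColo): Throttling respawn: Will start in 9 seconds
Mar 10 12:55:57 test1 ReportCrash[1615]: Saved crashreport to /Library/Logs/CrashReporter/vpnd_2010-03-10-125556_MacServe-Test1.crash using uid: 0 gid: 0, euid: 0 egid: 0
Mar 10 12:56:07 test1 ReportCrash[1622]: Formulating crash report for process vpnd[1621]
Mar 10 12:56:07 test1 com.apple.launchd[1] (TestColo[1621]): Exited abnormally: Bus error
Mar 10 12:56:07 test1 com.apple.launchd[1] (TestColo): Throttling respawn: Will start in 9 seconds
Mar 10 12:57:30 test1 com.apple.launchd[1] (org.example.helper[1700]): Exited abnormally: Segmentation fault
"""

def find_crash_loops(log_text, min_exits=2):
    """Map each launchd job that exited abnormally >= min_exits times to its crashes."""
    proc_by_pid, report_by_pid, jobs, last_pid = {}, {}, {}, None
    for line in log_text.splitlines():
        if m := CRASHED.search(line):
            last_pid = m["pid"]
            proc_by_pid[last_pid] = m["proc"]
        elif (m := SAVED.search(line)) and last_pid:
            # Heuristic: a saved report belongs to the most recently announced crash.
            report_by_pid[last_pid] = m["path"]
        elif m := EXITED.search(line):
            job = jobs.setdefault(m["job"], {"exits": [], "throttled": 0})
            job["exits"].append({"pid": m["pid"], "reason": m["reason"].strip()})
        elif m := THROTTLED.search(line):
            jobs.setdefault(m["job"], {"exits": [], "throttled": 0})["throttled"] += 1
    loops = {}
    for name, job in jobs.items():
        if len(job["exits"]) >= min_exits:  # a single crash is not a respawn loop
            for e in job["exits"]:
                e["process"] = proc_by_pid.get(e["pid"])
                e["report"] = report_by_pid.get(e["pid"])
            loops[name] = job
    return loops

if __name__ == "__main__":
    for name, job in find_crash_loops(SAMPLE_LOG).items():
        print(name, len(job["exits"]), "abnormal exits;", job["throttled"], "throttled respawns")
```

Run against the sample, only the TestColo job is reported; the constructed helper job that crashed once stays below the threshold.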
