A client needs to have a Site to Site VPN between a server at their office and a NetScreen at their colo.<\/p>\n
I did a fresh new install of Leopard Server fully and cleanly updated to 10.5.8 running on a G4 MacMini to make sure I can configure both sides properly.
\nMy test Server is on a clean public static IP address for the built-in ethernet.
\nSecondary ethernet using a USB Ethernet adapter for the private side of the network.<\/p>\n
System has no issues until…..<\/p>\n
I used the s2svpnadmin cli tool to create a new shared-secret IPSec tunnel to a NetScreen at our colo.
\nVery basic setup, nothing fancy (not like the tool lets you do anything fancy.)<\/p>\n
After creating the config I start to get these entries in my system.log:<\/p>\n
Mar 10 12:55:56 test1 vpnd[1614]: Server ‘TestColo’ starting…
\nMar 10 12:55:56 test1 TestColo[1614]: 2010-03-10 12:55:56 CST\u00c2\u00a0\u00c2\u00a0 \u00c2\u00a0Server ‘TestColo’ starting…
\nMar 10 12:55:56 test1 vpnd[1614]: Listening for connections…
\nMar 10 12:55:56 test1 TestColo[1614]: 2010-03-10 12:55:56 CST\u00c2\u00a0\u00c2\u00a0 \u00c2\u00a0Listening for connections…
\nMar 10 12:55:57 test1 ReportCrash[1615]: Formulating crash report for process vpnd[1614]
\nMar 10 12:55:57 test1 com.apple.launchd[1] (TestColo[1614]): Exited abnormally: Bus error
\nMar 10 12:55:57 test1 com.apple.launchd[1] (TestColo): Throttling respawn: Will start in 9 seconds
\nMar 10 12:55:57 test1 ReportCrash[1615]: Saved crashreport to \/Library\/Logs\/CrashReporter\/vpnd_2010-03-10-125556_MacServe-Test1.crash using uid: 0 gid: 0, euid: 0 egid: 0<\/p>\n
and looking at the crash report:<\/p>\n
Process:\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0 vpnd [1614]
\nPath:\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0 \/usr\/sbin\/vpnd
\nIdentifier:\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0 vpnd
\nVersion:\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0 ??? (???)
\nCode Type:\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0 PPC (Native)
\nParent Process:\u00c2\u00a0 launchd [1]<\/p>\n
Date\/Time:\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0 2010-03-10 12:55:56.252 -0600
\nOS Version:\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0 Mac OS X Server 10.5.8 (9L34)
\nReport Version:\u00c2\u00a0 6
\nAnonymous UUID:\u00c2\u00a0 7E25DC5D-7D93-42B5-8F69-F7C823244418<\/p>\n
Exception Type:\u00c2\u00a0 EXC_BAD_ACCESS (SIGBUS)
\nException Codes: KERN_PROTECTION_FAILURE at 0x0000000000000000
\nCrashed Thread:\u00c2\u00a0 0<\/p>\n
Thread 0 Crashed:
\n0\u00c2\u00a0\u00c2\u00a0 ???\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0 \u00c2\u00a0\u00c2\u00a0\u00c2\u00a0 \u00c2\u00a00000000000 0 + 0
\n1\u00c2\u00a0\u00c2\u00a0 vpnd\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0 \u00c2\u00a0\u00c2\u00a0\u00c2\u00a0 \u00c2\u00a00x0000444c accept_connections + 1280
\n2\u00c2\u00a0\u00c2\u00a0 vpnd\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0 \u00c2\u00a0\u00c2\u00a0\u00c2\u00a0 \u00c2\u00a00x00002a08 main + 1572
\n3\u00c2\u00a0\u00c2\u00a0 vpnd\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0 \u00c2\u00a0\u00c2\u00a0\u00c2\u00a0 \u00c2\u00a00x00001a48 start + 68
\n4\u00c2\u00a0\u00c2\u00a0 ???\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0 \u00c2\u00a0\u00c2\u00a0\u00c2\u00a0 \u00c2\u00a00000000000 0 + 0<\/p>\n
Thread 0 crashed with PPC Thread State 32:
\nsrr0: 0x00000000\u00c2\u00a0 srr1: 0x4200f030\u00c2\u00a0\u00c2\u00a0 dar: 0x000513b0 dsisr: 0x42000000<\/p>\n
…. etc. etc.<\/p>\n
I do NOT have the VPN service “running”.<\/p>\n
I did find this post on Apple discussions:<\/p>\n
http:\/\/discussions.apple.com\/thread.jspa?threadID=1491028#7116067<\/p>\n
and followed the posters directions for manually starting the tunnel.
\nI still get a bit of fussing, but no crash.
\nI checked the IPSec SA\/SPD info with setkey -PD and some basic pings across the network and the tunnel is active.<\/p>\n
The crashing doesn’t seem to be cpu arch dependent as my system is ppc and the OP on the Apple board is using a x86 machine.<\/p>\n
Kind of a bummer. It looks like there is probably some really simple issue here as the crash apparently happens very early in the setup process: “accept_connections”.<\/p>\n
Hopefully this will help someone in the future.<\/p>\n
Oh and FYI:<\/p>\n
Leopard Server IPSec parameters for a Shared Secret based VPN:<\/p>\n
Phase 1: DiffieHellman Group 2, 3DES, MD5, lifetime: 28800<\/p>\n
Phase 2: No Perfect Forward Secrecy; Encapsulated Packet (no AH); AES128 encryption; SHA1 hash; lifetime: 3600; Compression: Deflate (this is optional)<\/p>\n","protected":false},"excerpt":{"rendered":"
A client needs to have a Site to Site VPN between a server at their office and a NetScreen at their colo. I did a…<\/p>\n