[strongSwan] problems with charon in 4.4.1

Andreas Schuldei schuldei+strongswan at spotify.com
Mon May 23 20:22:34 CEST 2011


the charon log files for these four hosts are available for download here:
alvina.ash.spotify.net-charon.log.gz
annalise.ash.spotify.net-charon.log.gz
annmarie.ash.spotify.net-charon.log.gz
taylor.sto.spotify.net-charon.log.gz


On Mon, May 23, 2011 at 2:46 PM, Andreas Schuldei
<schuldei+strongswan at spotify.com> wrote:
> hi!
>
> I seem to be experiencing problems with charon in strongswan 4.4.1.
>
> One problem is that charon sometimes fails to reinitiate SAs once
> they expire. I set up a testbed with 17 hosts to reproduce and track
> down the issue, as it takes some time for it to manifest.
>
> since every host has several connections to the other peers in this
> ipsec setup, it is tricky to see what log entry is caused by which
> connection. how can I single out the log entries from those
> affected/failing connections? how can i get a verbose status dump from
> charon showing what it thinks the status is of all the connections it
> keeps track of?
> i don't want to attach 16M of log files here. please advise what parts
> are useful, and i would appreciate tips on how to extract those.
>
> the hosts that i currently see problems with are up:
>
> root@taylor:~# fping annalise.ash.spotify.net annmarie.ash.spotify.net alvina.ash.spotify.net
> annalise.ash.spotify.net is alive
> annmarie.ash.spotify.net is alive
> alvina.ash.spotify.net is alive
>
> but ipsec statusall has no SA for them. (see ipsec-statusall.txt)
>
> please also find attached annalise's and taylor's ipsec.conf. the other
> hosts' ipsec.conf is equivalent. there is always one initiator for
> each connection.
>



