[strongSwan] problems with charon in 4.4.1

Andreas Schuldei schuldei+strongswan at spotify.com
Tue May 24 16:26:38 CEST 2011


On Tue, May 24, 2011 at 8:48 AM, Andreas Schuldei
<schuldei+strongswan at spotify.com> wrote:
> On Mon, May 23, 2011 at 11:44 PM, Andreas Steffen
> <andreas.steffen at strongswan.org> wrote:
>> Hello Andreas,
>>
>> debugging these many connections might be easier using the
>> condensed /var/log/auth.log which has the following entries:
>>
>> http://www.strongswan.org/uml/testresults45/ikev2/dpd-restart/carol.auth.log
>
> The auth.log was still huge on taylor.
>
> I attempted to start from a clean slate today and did this on all
> machines in the test bed:
>
>        /etc/init.d/ipsec stop
>        rm -f /var/run/charon.pid /var/run/starter.pid /var/run/charon.ctl
>        /etc/init.d/ipsec stop
>        logrotate -f /etc/logrotate.conf
>        ip xfrm policy flush
>        /etc/network/if-up.d/ssh-outside-ipsec  # this adds xfrm policy for port 500UDP and ssh traffic to NOT go through ipsec
>        /etc/init.d/ipsec start
>
> And again taylor got immediate problems with the three hosts, just
> like yesterday. We don't have additional firewall rules that limit
> traffic between these hosts. Other hosts in the ash.spotify.net domain
> don't have problems either.
> Can something else get confused?
> Is there more state somewhere?

Do I need to unload the xfrm modules?
The connections between hosts, once turned bad, remained bad until I
rebooted the machines in question. Since then (last few hours) it
works nicely. But rebooting is not a real option, of course. And
connections going into a state that is unrecoverable is not so good,
either.
