[strongSwan] problems with charon in 4.4.1

Andreas Schuldei schuldei+strongswan at spotify.com
Tue May 24 16:26:38 CEST 2011

On Tue, May 24, 2011 at 8:48 AM, Andreas Schuldei
<schuldei+strongswan at spotify.com> wrote:
> On Mon, May 23, 2011 at 11:44 PM, Andreas Steffen
> <andreas.steffen at strongswan.org> wrote:
>> Hello Andreas,
>> debugging these many connections might be easier using the
>> condensed /var/log/auth.log which has the following entries:
>> http://www.strongswan.org/uml/testresults45/ikev2/dpd-restart/carol.auth.log
> the auth.log was still huge on taylor.
> i attempted to start from a clean slate today and did this on all
> machines in the test bed:
>        /etc/init.d/ipsec stop
>        rm -f /var/run/charon.pid /var/run/starter.pid /var/run/charon.ctl
>        /etc/init.d/ipsec stop
>       logrotate -f /etc/logrotate.conf
>        ip xfrm policy flush
>        /etc/network/if-up.d/ssh-outside-ipsec  # this adds xfrm policy for
> port 500UDP and ssh traffic to NOT go through ipsec
>        /etc/init.d/ipsec start
> and again taylor got immediate problems with the three hosts, just
> like yesterday. We dont have additional firewall rules that limit
> traffic between these hosts. Other hosts in the ash.spotify.net domain
> dont have problems either.
> Can something else get confused?
> is there more state somewhere?

do i need to unload the xfrm modules?
the connections between hosts, once turned bad, remained bad until i
rebooted the machines in question. since then (last few hours) it
works nicely. but rebooting is not a real option, of course. and
connections going into a state that is unrecoverable is not so good,

More information about the Users mailing list