[strongSwan] kernel upgrades
Alexandre Chapellon
a.chapellon at horoa.net
Wed Feb 8 17:02:33 CET 2012
Here are some additionnal informations:
When running strongswan with the 3.2 kernel here is what i find in the logs:
Feb 8 16:56:11 shire charon: 16[KNL] unable to add policy 172.17.2.0/24
=== 172.20.0.0/23 out
Feb 8 16:56:11 shire charon: 16[KNL] unable to add policy 172.20.0.0/23
=== 172.17.2.0/24 in
Feb 8 16:56:11 shire charon: 16[KNL] unable to add policy 172.20.0.0/23
=== 172.17.2.0/24 fwd
Feb 8 16:56:11 shire charon: 16[IKE] unable to install IPsec policies
(SPD) in kernel
If i check ip xfrm policy I indeed note that the policy vanished,
whereas the tunnel seems still up:
ipsec status
Security Associations:
lan2lan[1]: ESTABLISHED 3 minutes ago,
172.17.2.200[shire]...27.12.3.29[vpn.domain.net]
any idea?
Le 07/02/2012 18:43, Alexandre Chapellon a écrit :
> Hi,
>
> I had a working strongswan setup (4.4.1 from debian repository).
> Recently I had to upgrade the kernel version of the server because of a
> tiers software.
> Since this upgrade tunnels just don't work that good and randomly fail
> to keep up.
> Is there anything I have to do (like recomplie strongswan against new
> kernel, or use a newer version of strongswan) to have things working
> nicely again?
>
> Regards.
--
<http://www.horoa.net>
Alexandre Chapellon
Ingénierie des systèmes open sources et réseaux.
Follow me on twitter: @alxgomz <http://www.twitter.com/alxgomz>
More information about the Users
mailing list