[strongSwan] Charon does not load all configs
Rudolf Ladyzhenskii
rudolfl at rumatech.com
Fri Oct 19 06:14:32 CEST 2012
Hi, all
Strongswan 4.6.2, using charon only.
I've seen the issue couple of times (happens quite intermittently).
We have rather large config -- in excess of 15000 connections.
Sometimes strongswan does not load all connections. If i try ipsec up
<conxxxxx>, i get "no config named conxxxxx" message.
look at output of "ipsec statusall" and I can see that only connection
up to certain number are on, rest are not loaded. Number of laded
connections is different every time. Today I saw 14955 connections up
and connection 14996 and higher were not loaded.
Nothing abnormal in the logs
ipsec reload did not help
ipsec restart did not help
ipsec stop appeared to exit correctly, however charon was still
running as confirmed by 'ps'. Killing charon process and then starting
ipsec again correctly loaded all connections and all is good for now.
Just wondering if anyone saw those symptoms?
Thanks,
Rudolf
More information about the Users
mailing list