[strongSwan] received critical signal, ?

Ali Masoudi masoudi1983 at gmail.com
Wed Oct 31 16:23:40 CET 2012


Hi

I'm using version 5.0.1 and most of the time, I have no problem. but
sometimes (usually during and after REKEYING), one of the threads
received critical signal. rate of occurring goes higher when rate of
data or number of tunnels goes higher. I have no idea why this
happens. Does this happen to any other one? Why this is happening? I
really appreciate your help.

Here is some of the log:

Oct 31 14:31:41 16[MGR] checkout IKE_SA by message
Oct 31 14:31:41 07[NET] received packet: from 192.168.109.128[4500] to
192.168.20.225[4500]
Oct 31 14:31:41 07[NET] waiting for data on sockets
Oct 31 14:31:41 11[MGR] checkout IKE_SA by message
Oct 31 14:31:41 03[IKE] <129|11> local host is behind NAT, sending keep alives
Oct 31 14:31:41 03[KNL] <129|11> querying SAD entry with SPI 0d9ad97f
(mark 0/0x00000000)
Oct 31 14:31:41 03[KNL] <129|11> querying SAD entry with SPI 0b8bf6ac
(mark 0/0x00000000)
Oct 31 14:31:41 03[KNL] <129|11> querying SAD entry with SPI 024c31b7
(mark 0/0x00000000)
Oct 31 14:31:41 03[KNL] <129|11> querying SAD entry with SPI 0b5bcc27
(mark 0/0x00000000)
Oct 31 14:31:41 03[KNL] <129|11> querying SAD entry with SPI 05c0893f
(mark 0/0x00000000)
Oct 31 14:31:41 03[KNL] <129|11> querying SAD entry with SPI 01f7272e
(mark 0/0x00000000)
Oct 31 14:31:41 03[KNL] <129|11> querying SAD entry with SPI 0856a02e
(mark 0/0x00000000)
Oct 31 14:31:41 03[KNL] <129|11> querying SAD entry with SPI 08b8fed4
(mark 0/0x00000000)
Oct 31 14:31:41 03[KNL] <129|11> querying SAD entry with SPI 00ce0061
(mark 0/0x00000000)
Oct 31 14:31:41 03[KNL] <129|11> querying SAD entry with SPI 0b2cb6ee
(mark 0/0x00000000)
Oct 31 14:31:41 03[KNL] <129|11> querying SAD entry with SPI 00b302a0
(mark 0/0x00000000)
Oct 31 14:31:41 03[KNL] <129|11> querying SAD entry with SPI 0c3825bd
(mark 0/0x00000000)
Oct 31 14:31:41 03[KNL] <129|11> querying SAD entry with SPI 09d3f4cc
(mark 0/0x00000000)
Oct 31 14:31:41 03[KNL] <129|11> querying SAD entry with SPI 0fdae14d
(mark 0/0x00000000)
Oct 31 14:31:41 03[KNL] <129|11> querying policy 192.168.225.0/24 ===
192.168.163.0/24 out  (mark 0/0x00000000)
Oct 31 14:31:41 04[JOB] next event in 180ms, waiting
Oct 31 14:31:41 03[IKE] <129|11> remote host is behind NAT
Oct 31 14:31:41 03[IKE] <129|11> reinitiating already active tasks
Oct 31 14:31:41 03[IKE] <129|11>   MAIN_MODE task
Oct 31 14:31:41 03[NET] <129|11> sending packet: from
192.168.20.225[4500] to 192.168.109.128[4500]
Oct 31 14:31:41 08[NET] sending packet: from 192.168.20.225[4500] to
192.168.109.128[4500]
Oct 31 14:31:41 04[JOB] next event in 176ms, waiting
Oct 31 14:31:41 03[MGR] <129|11> checkin IKE_SA 129[11]
Oct 31 14:31:41 03[MGR] <129|11> check-in of IKE_SA successful.
Oct 31 14:31:41 07[NET] received packet: from 192.168.109.128[4500] to
192.168.20.225[4500]
Oct 31 14:31:41 07[NET] waiting for data on sockets
Oct 31 14:31:41 13[MGR] checkout IKE_SA by message
Oct 31 14:31:41 13[MGR] IKE_SA 129[11] successfully checked out
Oct 31 14:31:41 13[NET] <129|11> received packet: from
192.168.109.128[4500] to 192.168.20.225[4500]
Oct 31 14:31:41 13[IKE] <129|11> IKE_SA 129[11] established between
192.168.20.225[192.168.20.225]...192.168.109.128[192.168.209.129]
Oct 31 14:31:41 13[IKE] <129|11> IKE_SA 129[11] state change:
CONNECTING => ESTABLISHED
Oct 31 14:31:41 13[IKE] <129|11> scheduling reauthentication in 17s
Oct 31 14:31:41 13[IKE] <129|11> maximum IKE_SA lifetime 557s
Oct 31 14:31:41 13[IKE] <129|11> activating new tasks
Oct 31 14:31:41 13[IKE] <129|11> nothing to initiate
Oct 31 14:31:41 13[MGR] <129|11> checkin IKE_SA 129[11]
Oct 31 14:31:41 13[MGR] <129|11> check-in of IKE_SA successful.
Oct 31 14:31:41 04[JOB] next event in 170ms, waiting
Oct 31 14:31:41 04[JOB] got event, queuing job for execution
Oct 31 14:31:41 04[JOB] next event in 970ms, waiting
Oct 31 14:31:41 14[MGR] checkout IKE_SA
Oct 31 14:31:41 14[MGR] IKE_SA 129[5] successfully checked out
Oct 31 14:31:41 14[MGR] <129|5> checkin IKE_SA 129[5]
Oct 31 14:31:41 14[MGR] <129|5> check-in of IKE_SA successful.
Oct 31 14:31:41 04[JOB] next event in 970ms, waiting
Oct 31 14:31:42 07[NET] received packet: from 192.168.109.128[4500] to
192.168.20.225[4500]
Oct 31 14:31:42 07[NET] waiting for data on sockets
.
.
.
Oct 31 14:31:51 15[IKE] <129|5> queueing ISAKMP_DPD task
Oct 31 14:31:51 15[IKE] <129|5> activating new tasks
Oct 31 14:31:51 15[IKE] <129|5> nothing to initiate
Oct 31 14:31:51 15[MGR] <129|5> checkin IKE_SA 129[5]
Oct 31 14:31:51 15[MGR] <129|5> check-in of IKE_SA successful.
Oct 31 14:31:51 07[NET] waiting for data on sockets
Oct 31 14:31:52 13[DMN] <129|11> killing ourself, received critical signal
Oct 31 14:31:57 00[DMN] Starting IKE charon daemon (strongSwan
5.0.1rc1, Linux 2.6.34.1, i686)
Oct 31 14:31:57 00[KNL] detected Linux 2.6.34, no support for
RTA_PREFSRC for IPv6 routes
Oct 31 14:31:57 00[KNL] known interfaces and IP addresses:
Oct 31 14:31:57 00[KNL]   lo
Oct 31 14:31:57 00[KNL]     127.0.0.1
Oct 31 14:31:57 00[KNL]     ::1
Oct 31 14:31:57 00[KNL]   INT
Oct 31 14:31:57 00[KNL]     192.168.50.5
Oct 31 14:31:57 00[KNL]   DMZ
Oct 31 14:31:57 00[KNL]     192.168.20.225
Oct 31 14:31:57 00[KNL]     fe80::210:f3ff:fe17:a21
Oct 31 14:31:57 00[KNL]   EXT
Oct 31 14:31:57 00[KNL]     192.168.225.225


Here is my config:

config setup
        uniqueids="no"
        strictcrlpolicy="no"

conn %default
        keyingtries="0"
        leftsendcert="always"
conn 129
        authby="psk"
        auto="start"
        type="tunnel"
        compress="no"
        rekeymargin="5"
        leftfirewall="yes"
        left="192.168.20.225"
        leftid="192.168.20.225"
        leftsubnet="192.168.225.0/24"
        right="192.168.109.128"
        rightid="192.168.209.129"
        rightsubnet="192.168.163.0/24"
        ike="aes256-md5-modp4096"
        esp="aes256-md5-modp1024"
        keylife="600"
        ikelifetime="600"
        keyexchange="ikev1"
        dpdaction="restart"
        dpddelay="30s"
        dpdtimeout="60s"




More information about the Users mailing list