[strongSwan] Small Problems with 5.2

Dirk Hartmann dha at heise.de
Fri Jul 11 14:15:00 CEST 2014 

Hi Martin,

--On Friday, July 11, 2014 09:52:40 AM +0200 Martin Willi 
<martin at strongswan.org> wrote:

>> 1. I get this error on both systems after upgrade:
>> ipsec_starter[3318]: notifying watcher failed: Broken pipe
>
> Hm, interesting, not sure were this broken pipe could come from, nor
> do I see this error on my 64bit Wheezy.
>
> Can you provide a little more context to this error message? What gets
> logged before/after this error?

Jul 10 10:31:28 media charon: 00[CFG]   loaded crl from 
'/etc/ipsec.d/crls/crl.pem'

Jul 10 10:31:28 media charon: 00[CFG] loading secrets from 
'/etc/ipsec.secrets'

Jul 10 10:31:28 media charon: 00[CFG]   loaded RSA private key from 
'/etc/ipsec.d/private/dhaKey.pem'

Jul 10 10:31:28 media charon: 00[CFG]   loaded RSA private key from 
'/etc/ipsec.d/private/dhanetKey.pem'

Jul 10 10:31:28 media ipsec_starter[1712]: charon (1713) started after 
100 ms

Jul 10 10:31:28 media charon: 03[CFG] received stroke: add connection 
'dhanet'

Jul 10 10:31:28 media charon: 03[CFG] left nor right host is our side, 
assuming left=local

Jul 10 10:31:28 media charon: 03[CFG]   loaded certificate "MYCERT" 
from 'dhanetCert.pem'

Jul 10 10:31:28 media charon: 03[CFG] added configuration 'dhanet'

Jul 10 10:31:28 media ipsec_starter[1712]: notifying watcher failed: 
Broken pipe

Jul 10 10:31:28 media charon: 06[CFG] received stroke: initiate 
'dhanet'

Jul 10 10:31:28 media charon: 06[IKE] initiating IKE_SA dhanet[1] to 
SERVERIP

Jul 10 10:31:28 media charon: 06[NET] sending packet: from LOCALIP[500] 
to SERVERIP[500] (452 bytes)

Jul 10 10:31:28 media ipsec_starter[1712]: notifying watcher failed: 
Broken pipe

Jul 10 10:31:28 media charon: 08[NET] received packet: from 
SERVERIP[500] to LOCALIP[500] (465 bytes)

Jul 10 10:31:28 media charon: 08[IKE] local host is behind NAT, sending 
keep alives

Jul 10 10:31:28 media charon: 08[IKE] received cert request for 
"CACERT"

Jul 10 10:31:28 media charon: 08[IKE] sending cert request for "CACERT"

Jul 10 10:31:28 media charon: 08[IKE] authentication of 'MYCERT' 
(myself) with RSA signature successful

Debuglevel was:
charondebug="cfg 2 ike 2, knl 2, net 2"

>> What further information would you need, what debug levels should I
>> use?
>
> After building strongSwan, can you try to run "make check" on this
> system? Do the watcher/stream tests complete successfully?

yes no problems reported.

  Passed all 4 'watcher' test cases

  Passed all 4 'stream' test cases


the same on both gateways.

> If not, the
> output of
>
>> TESTS_VERBOSITY=2 TESTS_SUITES="watcher, stream" make check
>
> could help in debugging this issue.


Thanks
Dirk
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 181 bytes
Desc: not available
URL: <http://lists.strongswan.org/pipermail/users/attachments/20140711/66eca9e2/attachment.pgp>

More information about the Users mailing list