[strongSwan] Charon reset
Ken Nelson
ken at cazena.com
Fri Mar 6 03:56:21 CET 2015
Remote Access Client: StrongSwan v5.2.0 on Centos 6.6
VPN Server: StrongSwan v5.2.0 on Centos 6.6
Created an IPsec tunnel that was fairly long-lived, ~2 hours 5 minutes. The only application traffic was a periodic ping from the remote access client to a host inside the VPN, one per minute. Noticed the tunnel went down. Below is the log file around the time of the failure. DMN claims it received a critical signal. No idea how that happened as there was no interactive use of the system at the time.
Is this crash of interest? Is there any other data I could retrieve? If I rerun the test, is there any other debugging to enable?
Mar 6 01:51:14 ip-10-100-34-179 charon: 01[IKE] reauthenticating IKE_SA cazena-pdc[3]
Mar 6 01:51:14 ip-10-100-34-179 charon: 01[IKE] deleting IKE_SA cazena-pdc[3] between 10.100.34.179[linux-test]...a.b.c.d[secgw.cz-dev.com<http://secgw.cz-dev.com>]
Mar 6 01:51:14 ip-10-100-34-179 charon: 01[IKE] sending DELETE for IKE_SA cazena-pdc[3]
Mar 6 01:51:14 ip-10-100-34-179 charon: 01[ENC] generating INFORMATIONAL request 5 [ D ]
Mar 6 01:51:14 ip-10-100-34-179 charon: 01[NET] sending packet: from 10.100.34.179[4500] to a.b.c.d[4500] (76 bytes)
Mar 6 01:51:14 ip-10-100-34-179 charon: 14[NET] received packet: from a.b.c.d[4500] to 10.100.34.179[4500] (76 bytes)
Mar 6 01:51:14 ip-10-100-34-179 charon: 14[ENC] parsed INFORMATIONAL response 5 [ ]
Mar 6 01:51:14 ip-10-100-34-179 charon: 14[IKE] IKE_SA deleted
Mar 6 01:51:14 ip-10-100-34-179 vpn: - secgw.cz-dev.com<http://secgw.cz-dev.com> 10.8.64.0/23 == a.b.c.d -- 10.100.34.179 == 10.255.252.2/32
Mar 6 01:51:19 ip-10-100-34-179 charon: 14[IKE] installing new virtual IP 10.255.252.2
Mar 6 01:51:19 ip-10-100-34-179 charon: 14[IKE] restarting CHILD_SA cazena-pdc
Mar 6 01:51:19 ip-10-100-34-179 charon: 14[IKE] initiating IKE_SA cazena-pdc[4] to a.b.c.d
Mar 6 01:51:19 ip-10-100-34-179 charon: 14[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
Mar 6 01:51:19 ip-10-100-34-179 charon: 14[NET] sending packet: from 10.100.34.179[500] to a.b.c.d[500] (1132 bytes)
Mar 6 01:51:19 ip-10-100-34-179 charon: 14[IKE] removing DNS server 10.8.65.164 from /etc/resolv.conf
Mar 6 01:51:19 ip-10-100-34-179 charon: 09[NET] received packet: from a.b.c.d[500] to 10.100.34.179[500] (465 bytes)
Mar 6 01:51:19 ip-10-100-34-179 charon: 09[ENC] parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(MULT_AUTH) ]
Mar 6 01:51:19 ip-10-100-34-179 charon: 09[IKE] local host is behind NAT, sending keep alives
Mar 6 01:51:19 ip-10-100-34-179 charon: 09[IKE] remote host is behind NAT
Mar 6 01:51:19 ip-10-100-34-179 charon: 09[DMN] thread 9 received 11
Mar 6 01:51:19 ip-10-100-34-179 charon: 09[LIB] dumping 2 stack frame addresses:
Mar 6 01:51:19 ip-10-100-34-179 charon: 09[LIB] /lib64/libpthread.so.0 @ 0x7fb8fd3ab000 [0x7fb8fd3ba710]
Mar 6 01:51:19 ip-10-100-34-179 charon: 09[LIB] -> sigaction.c:0
Mar 6 01:51:19 ip-10-100-34-179 charon: 09[LIB] /lib64/libc.so.6 @ 0x7fb8fce13000 [0x7fb8fd1a2ed8]
Mar 6 01:51:19 ip-10-100-34-179 charon: 09[LIB] -> interp.c:0
Mar 6 01:51:19 ip-10-100-34-179 charon: 09[DMN] killing ourself, received critical signal
Mar 6 01:51:24 ip-10-100-34-179 charon: 00[DMN] Starting IKE charon daemon (strongSwan 5.2.0, Linux 2.6.32-504.1.3.el6.x86_64, x86_64)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20150306/409cf415/attachment.html>
More information about the Users
mailing list