[strongSwan] "auto = try_again_later" on DNS problems?

Noel Kuntze noel.kuntze+strongswan-users-ml at thermi.consulting
Tue Jul 11 17:50:21 CEST 2017


Hello Harald,

There's none and implementing something like that requires major code changes. It is unlikely to happen soon.

Kind regards

Noel

On 10.07.2017 20:21, Harald Dunkel wrote:
> Hi folks,
>
> sometimes starting charon fails with "Temporary failure 
> in name resolution", e.g.
>
> Jul 10 19:58:50 00[DMN] Starting IKE charon daemon (strongSwan 5.5.3, Linux 4.11.9-raw, x86_64)
> Jul 10 19:58:50 00[CFG] PKCS11 module '<name>' lacks library path
> Jul 10 19:58:50 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'
> Jul 10 19:58:50 00[CFG]   loaded ca certificate "C=DE, O=example AG, OU=example Certificate Authority, CN=example Root CA" from '/etc/ipsec.d/cacerts/root-ca.pem'
> Jul 10 19:58:50 00[CFG]   loaded ca certificate "C=DE, O=example AG, OU=example Certificate Authority, CN=ws-example-CA" from '/etc/ipsec.d/cacerts/ws-example-CA-public.root-ca.pem'
> Jul 10 19:58:50 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'
> Jul 10 19:58:50 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'
> Jul 10 19:58:50 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'
> Jul 10 19:58:50 00[CFG] loading crls from '/etc/ipsec.d/crls'
> Jul 10 19:58:50 00[CFG] loading secrets from '/etc/ipsec.secrets'
> Jul 10 19:58:50 00[CFG]   loaded RSA private key from '/etc/ipsec.d/private/local.sample.de.key.pem'
> Jul 10 19:58:50 00[LIB] loaded plugins: charon test-vectors ldap pkcs11 aesni aes rc2 sha2 sha1 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl gcrypt af-alg fips-prf gmp curve25519 agent xcbc cmac hmac ctr ccm gcm curl attr kernel-netlink resolve socket-default connmark stroke vici updown
> Jul 10 19:58:50 00[LIB] dropped capabilities, running as uid 0, gid 0
> Jul 10 19:58:50 00[JOB] spawning 16 worker threads
> Jul 10 19:58:50 05[CFG] received stroke: add connection 'sample-example'
> Jul 10 19:58:50 17[LIB] resolving 'gate.example.com' failed: Temporary failure in name resolution
> Jul 10 19:58:50 05[CFG]   loaded certificate "C=DE, O=sample.de, CN=local.sample.de, E=jupp at sample.de" from 'local.sample.de.cert.pem'
> Jul 10 19:58:50 05[CFG] added configuration 'sample-example'
> Jul 10 19:58:50 06[CFG] received stroke: route 'sample-example'
> Jul 10 19:58:50 17[LIB] resolving 'gate.example.com' failed: Temporary failure in name resolution
> Jul 10 19:58:50 06[CFG] installing trap failed, remote address unknown
>
> I tried both "auto = start" and "auto = route". Of course I can add
> the missing DNS entry to /etc/hosts, but I wonder if there is some
> smart trick to tell charon to try again later?
>
>
> Regards
> Harri
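
A retry done outside charon, as an added example that is not part of the original thread and not strongSwan code: wait until the peer name resolves, then re-issue the stroke command that failed at startup. It assumes that re-issuing the command makes charon resolve the name again, as the second "resolving" line in the log suggests; the function names, variable names and script file name are hypothetical.

```shell
#!/bin/sh
# Added example (not strongSwan code). Function and variable names are
# hypothetical; host and connection names are the ones from the log above.

# Overridable so the retry logic can be exercised without DNS or charon.
RESOLVER=${RESOLVER:-resolve_with_getent}
ACTION=${ACTION:-ipsec}

resolve_with_getent() {
    getent hosts "$1" >/dev/null 2>&1
}

# wait_for_dns HOST MAX_TRIES DELAY_SECONDS
# Returns 0 as soon as HOST resolves, 1 if every attempt failed.
wait_for_dns() {
    host=$1 max=$2 delay=$3 try=1
    while [ "$try" -le "$max" ]; do
        if "$RESOLVER" "$host"; then
            return 0
        fi
        try=$((try + 1))
        if [ "$try" -le "$max" ]; then
            sleep "$delay"
        fi
    done
    return 1
}

# retry_conn MODE CONN HOST MAX_TRIES DELAY_SECONDS
# MODE is "route" (for auto = route) or "up" (for auto = start).
retry_conn() {
    mode=$1 conn=$2 peer=$3
    case $mode in
        route|up) ;;
        *) echo "unsupported mode: $mode" >&2; return 2 ;;
    esac
    if wait_for_dns "$peer" "$4" "$5"; then
        "$ACTION" "$mode" "$conn"
    else
        echo "giving up: $peer still does not resolve" >&2
        return 1
    fi
}

# Example (hypothetical file name):
#   sh retry-conn.sh route sample-example gate.example.com 30 10
if [ "$#" -eq 5 ]; then
    retry_conn "$@"
fi
```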
