[strongSwan] [strongswan-5.6.0] - Rekey issue

Sriram sriram.ec at gmail.com
Thu Apr 26 07:49:31 CEST 2018 

Hi Tobias,

ulimit for core is set to zero, so I didn't see any core files. I don't see
any backtrace in the log also.
But I see these logs before charon restart.

Apr 24 13:51:13 localhost charon: 00[DMN] signal of type SIGINT received.
Shutting down
Apr 24 13:51:13 localhost charon: 00[MGR] going to destroy IKE_SA manager
and all managed IKE_SA's
Apr 24 13:51:13 localhost charon: 00[MGR] set driveout flags for all stored
IKE_SA's
Apr 24 13:51:13 localhost charon: 00[MGR] wait for all threads to leave
IKE_SA's
Apr 24 13:51:13 localhost charon: 00[MGR] delete all IKE_SA's
Apr 24 13:51:13 localhost charon: 00[IKE] queueing IKE_DELETE task
Apr 24 13:51:13 localhost charon: 00[IKE] delaying task initiation,
CREATE_CHILD_SA exchange in progress
Apr 24 13:51:13 localhost charon: 00[MGR] destroy all entries
Apr 24 13:51:13 localhost charon: 00[IKE] IKE_SA home[3] state change:
REKEYING => DESTROYING
Apr 24 13:51:13 localhost charon: 00[IKE] IKE_SA home[4] state change:
CONNECTING => DESTROYING
Apr 24 13:51:13 localhost charon: 00[CFG] lease 2001:0:0:15::1 by '
0005B9519290.airvana.com' went offline

I have not modified the code.
loglevel in the secgw is set as below,
charondebug="ike 4, chd 1, *cfg 4*, net 1, enc 1, lib 1, *mgr 4*, knl 1,
dmn 1" ,
because of which I see lot of prints, is this logging keeping daemon very
busy and eventually leads to restart ?


In the security gateway, strongswan-5.6.1 compilation is not going through
because of some python dependency. So I have installed strongswan-5.6.0. If
you suggest it is better to install 5.6.1 or the latest, I can try that as
well.

Regards,
Sriram.


On Wed, Apr 25, 2018 at 7:25 PM, Tobias Brunner <tobias at strongswan.org>
wrote:

> Hi Sriram,
>
> > What is the reason for SecGw’s charon daemon restart ?
>
> The daemon does not automatically restart itself, so probably a crash.
> Do you see any backtrace in the log?  Any core dumps?
>
> Did you modify the code in any way?  Is there a reason you use different
> versions on the two hosts (and not the latest at that)?
>
> Regards,
> Tobias
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20180426/cadaf30f/attachment.html>

More information about the Users mailing list