[strongSwan] spi allocation failed

Noel Kuntze noel.kuntze+strongswan-users-ml at thermi.consulting
Fri Jan 3 19:23:28 CET 2020

Hello Naveen,

That means the RNG (RNG_WEAK type) that is provided by whatever plugin didn't return an SPI but a failure instead.
Check what plugin provides RNG_WEAK on your system (ipsec stroke listalgs or swanctl --list-algs) and check how that could occur.
Maybe file a bug with the project that maintains the library or something. It's up to you.

Kind regards


Am 03.01.20 um 02:52 schrieb Naveen Neelakanta:
> Hi Noel and Tobias, 
> I saw my session was down and see the below message in strongswan logs saying SPI allocation had failed, after restarting Charon, the session came up. I was running as root. I believe the session was flapping if that is the reason for the below message or are there other reasons for this. how can I recover from this situation?, I am using a vici interface to bring up the tunnel, I did not get any message saying spi allocating failed via a vici error message.
> [MGR] failed to allocate SPI for new IKE_SA
> Thanks,
> Naveen

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.strongswan.org/pipermail/users/attachments/20200103/c7f6ecbb/attachment.sig>

More information about the Users mailing list