[strongSwan] spi allocation failed

Naveen Neelakanta naveen.b.neelakanta at gmail.com
Fri Jan 3 19:43:31 CET 2020


Hi Noel,

Thanks you , i see that I am using OpenSSL. I will email them on this
issue. However, it would be great if we get a vici error notification
saying SPI allocation failed so that I can tack some prevent action based
on the message.


random-gen: RNG_WEAK[openssl]



Thanks,

Naveen


On Fri, Jan 3, 2020 at 10:23 AM Noel Kuntze
<noel.kuntze+strongswan-users-ml at thermi.consulting> wrote:

> Hello Naveen,
>
> That means the RNG (RNG_WEAK type) that is provided by whatever plugin
> didn't return an SPI but a failure instead.
> Check what plugin provides RNG_WEAK on your system (ipsec stroke listalgs
> or swanctl --list-algs) and check how that could occur.
> Maybe file a bug with the project that maintains the library or something.
> It's up to you.
>
> Kind regards
>
> Noel
>
> Am 03.01.20 um 02:52 schrieb Naveen Neelakanta:
> > Hi Noel and Tobias,
> >
> > I saw my session was down and see the below message in strongswan logs
> saying SPI allocation had failed, after restarting Charon, the session came
> up. I was running as root. I believe the session was flapping if that is
> the reason for the below message or are there other reasons for this. how
> can I recover from this situation?, I am using a vici interface to bring up
> the tunnel, I did not get any message saying spi allocating failed via a
> vici error message.
> >
> > [MGR] failed to allocate SPI for new IKE_SA
> >
> > Thanks,
> > Naveen
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20200103/66ec50ed/attachment-0001.html>


More information about the Users mailing list