[strongSwan] spi allocation failed
Noel Kuntze
noel.kuntze+strongswan-users-ml at thermi.consulting
Fri Jan 3 19:54:45 CET 2020
Hello Naveen,
You might have to increase the debug level to get the message.
Kind regards
Noel
Am 03.01.20 um 19:43 schrieb Naveen Neelakanta:
> Hi Noel,
>
> Thanks you , i see that I am using OpenSSL. I will email them on this issue. However, it would be great if we get a vici error notification saying SPI allocation failed so that I can tack some prevent action based on the message.
>
>
> random-gen: RNG_WEAK[openssl]
>
>
>
> Thanks,
>
> Naveen
>
>
>
> On Fri, Jan 3, 2020 at 10:23 AM Noel Kuntze <noel.kuntze+strongswan-users-ml at thermi.consulting> wrote:
>
> Hello Naveen,
>
> That means the RNG (RNG_WEAK type) that is provided by whatever plugin didn't return an SPI but a failure instead.
> Check what plugin provides RNG_WEAK on your system (ipsec stroke listalgs or swanctl --list-algs) and check how that could occur.
> Maybe file a bug with the project that maintains the library or something. It's up to you.
>
> Kind regards
>
> Noel
>
> Am 03.01.20 um 02:52 schrieb Naveen Neelakanta:
> > Hi Noel and Tobias,
> >
> > I saw my session was down and see the below message in strongswan logs saying SPI allocation had failed, after restarting Charon, the session came up. I was running as root. I believe the session was flapping if that is the reason for the below message or are there other reasons for this. how can I recover from this situation?, I am using a vici interface to bring up the tunnel, I did not get any message saying spi allocating failed via a vici error message.
> >
> > [MGR] failed to allocate SPI for new IKE_SA
> >
> > Thanks,
> > Naveen
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.strongswan.org/pipermail/users/attachments/20200103/1e82e841/attachment.sig>
More information about the Users
mailing list