[strongSwan] spi allocation failed

Noel Kuntze noel.kuntze+strongswan-users-ml at thermi.consulting
Fri Jan 3 19:54:45 CET 2020


Hello Naveen,

You might have to increase the debug level to get the message.

Kind regards

Noel

Am 03.01.20 um 19:43 schrieb Naveen Neelakanta:
> Hi Noel, 
> 
> Thanks you , i see that I am using OpenSSL. I will email them on this issue. However, it would be great if we get a vici error notification saying SPI allocation failed so that I can tack some prevent action based on the message.
>  
> 
> random-gen: RNG_WEAK[openssl]
> 
> 
> 
> Thanks,
> 
> Naveen
> 
> 
> 
> On Fri, Jan 3, 2020 at 10:23 AM Noel Kuntze <noel.kuntze+strongswan-users-ml at thermi.consulting> wrote:
> 
>     Hello Naveen,
> 
>     That means the RNG (RNG_WEAK type) that is provided by whatever plugin didn't return an SPI but a failure instead.
>     Check what plugin provides RNG_WEAK on your system (ipsec stroke listalgs or swanctl --list-algs) and check how that could occur.
>     Maybe file a bug with the project that maintains the library or something. It's up to you.
> 
>     Kind regards
> 
>     Noel
> 
>     Am 03.01.20 um 02:52 schrieb Naveen Neelakanta:
>     > Hi Noel and Tobias, 
>     >
>     > I saw my session was down and see the below message in strongswan logs saying SPI allocation had failed, after restarting Charon, the session came up. I was running as root. I believe the session was flapping if that is the reason for the below message or are there other reasons for this. how can I recover from this situation?, I am using a vici interface to bring up the tunnel, I did not get any message saying spi allocating failed via a vici error message.
>     >  
>     > [MGR] failed to allocate SPI for new IKE_SA
>     >
>     > Thanks,
>     > Naveen
> 

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.strongswan.org/pipermail/users/attachments/20200103/1e82e841/attachment.sig>


More information about the Users mailing list