[strongSwan] charon appears to either crash and/or restart during HA takeover

FINLEY, DAVID BRIAN df1672 at att.com
Thu Dec 2 19:33:15 CET 2021


Hello,
Experiencing an issue with version 5.8.0. We have two gateways in an HA arrangement. When the current master goes down, the backup takes over ok but when the old master comes backup (as the back up) and attempts to the re-sync the tunnel list from the new master (took over for the old master when the master was rebooted), I see the following msgs in the charon.log:

Nov 30 04:10:40.571 01[CFG] HA: accepted new connection request from fd00:2600:2600:115:1::1  # The rebooted old master is now coming back up
Nov 30 04:10:40.571 01[CFG] HA: successfully accepted incoming connection                                         # The rebooted old master starts its strongswan HA "sync" connection to us (the new master)
Nov 30 04:10:41.569 05[CFG] resyncing HA segment 1
Nov 30 04:10:41.995 05[CFG] HA: failed to receive 4 bytes : Connection reset by peer
Nov 30 04:10:41.995 05[CFG] HA: failed to read size (4 bytes)
Nov 30 04:10:41.995 05[CFG] HA: pulling message failed
Nov 30 04:10:41.995 05[DMN] thread 5 received 11                                                                                       # charon crashes??
Nov 30 04:10:41.995 06[CFG] HA: failed to send 17284930 bytes: Bad file descriptor
Nov 30 04:10:41.995 01[CFG] HA: accepted new connection request from fd00:2600:2600:115:1::1
Nov 30 04:10:41.995 01[CFG] HA: successfully accepted incoming connection
Nov 30 04:10:42.615 00[LIB] openssl FIPS mode(1) - enabled                                                                      # charon restarts ???
Nov 30 04:10:42.622 00[CFG] crl caching to /etc/ike/swanctl/x509crl enabled
Nov 30 04:10:42.622 00[CFG] loaded 0 RADIUS server configurations

3 questions:

  1.  The crash appears to have been caused by the "pulling message failed condition?
  2.  I don't find a core anywhere, should charon have generated a core as result of the "thread 5 received 11" condition?
  3.  Are there significant HA fixes/enhancements in strongswan 5.9.x ? Maybe we should upgrade?

thx

Dave Finley
df1672 at att.com<mailto:df1672 at att.com>
(630) 719-4391  (desk)
(630) 740-5198  (mobile)

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20211202/115fbb6c/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.gif
Type: image/gif
Size: 38294 bytes
Desc: image001.gif
URL: <http://lists.strongswan.org/pipermail/users/attachments/20211202/115fbb6c/attachment-0001.gif>


More information about the Users mailing list