Strongswan stops establishing tunnel after certificate verification
We've encountered a strange issue with Strongswan (version 5.6.3 on both sides).
The configuration and scenario work well most of the time, but in some rare cases the initiator stops (i.e. "hangs") establishing the connection.
- The initiator opens a first tunnel with success.
- The initiator then begins to open a second tunnel (configuration and logs attached), to another responder.
- The second tunnel goes until the message "authentication of 'C=...' with RSA signature successful", and then stops.
- Strongswan then hangs and is not able to process any other commands, so for example the existing tunnels cannot be rekeyed and die after some time.
I do not have the logs of the responder, but it seems that the problem is on the initiator side.
The problem is quite difficult to reproduce, but it occurred 3 times so we have to correct it.
Do you know what can cause this issue?
#1 Updated by Tobias Brunner 5 months ago
- Status changed from New to Feedback
Hard to tell. Maybe a crash, or a deadlock (maybe triggered by a crash), or something else. You could try attaching a debugger to the charon process when it hangs, or forcing a core dump to analyze the backtraces of all threads. The version is also relatively old, so it might be something we fixed in the meantime.
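
The debugging step suggested in the reply above (attach a debugger, or force a core dump, and look at the backtraces of all threads), as an added example that is not part of the original thread or of strongSwan's own tooling. It assumes gdb and gcore are installed on the initiator and that the charon PID can be found with pidof; the sample dump and its frame names are constructed.

```shell
#!/bin/sh
# Added example: capture and triage all-thread backtraces from a hung charon.

# Print backtraces of every thread of the running process with PID $1.
dump_threads() {
    gdb -p "$1" -batch -ex 'thread apply all bt' 2>/dev/null
}

# Read "thread apply all bt" output on stdin and count threads per innermost
# (#0) frame. Most threads parked in a lock-wait frame suggests a deadlock.
summarize_top_frames() {
    awk '
        /^Thread [0-9]+ / { want = 1; next }
        want && $1 == "#0" {
            fn = ($3 == "in") ? $4 : $2   # frame may or may not show an address
            count[fn]++
            want = 0
        }
        END { for (f in count) printf "%d %s\n", count[f], f }
    ' | sort -rn
}

# Constructed sample dump (frames above #0 are placeholders, not charon code).
sample_bt() {
    cat <<'EOF'
Thread 5 (Thread 0x7f0000000005 (LWP 105)):
#0  0x00007f0000001000 in __lll_lock_wait () from /lib/libpthread.so.0
#1  0x00007f0000001100 in pthread_mutex_lock () from /lib/libpthread.so.0
#2  0x0000550000002000 in example_worker_a ()

Thread 4 (Thread 0x7f0000000004 (LWP 104)):
#0  0x00007f0000001000 in __lll_lock_wait () from /lib/libpthread.so.0
#1  0x00007f0000001100 in pthread_mutex_lock () from /lib/libpthread.so.0

Thread 3 (Thread 0x7f0000000003 (LWP 103)):
#0  0x00007f0000001000 in __lll_lock_wait () from /lib/libpthread.so.0

Thread 2 (Thread 0x7f0000000002 (LWP 102)):
#0  0x00007f0000003000 in poll () from /lib/libc.so.6

Thread 1 (Thread 0x7f0000000001 (LWP 101)):
#0  example_main_loop () at example.c:10
EOF
}

# Usage on the initiator while charon is hung (as root):
#   dump_threads "$(pidof charon)" | tee charon-threads.txt | summarize_top_frames
#   gcore -o /tmp/charon-core "$(pidof charon)"   # core file for offline analysis
```

Several threads blocked in `__lll_lock_wait` under `pthread_mutex_lock` is the pattern to follow up on: the `#1` and higher frames of those threads in the full dump show which locks are involved.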