Issue #3362

Strongswan stops establishing tunnel after certificate verification

Added by Julien Chezeaux 5 months ago. Updated 26 days ago.

Status: Closed
Priority: Normal
Category: -
Affected version: 5.6.3
Resolution: No change required

Description

Hello,

We've encountered a strange issue with Strongswan (version 5.6.3 on both sides).
The configuration and scenario work well most of the time, but in some rare cases the initiator stops (i.e. "hangs") establishing the connection.

Here is the scenario:
  • The initiator opens a first tunnel with success.
  • The initiator then begins to open a second tunnel (configuration and logs attached), to another responder.
  • The second tunnel goes until the message "authentication of 'C=...' with RSA signature successful", and then stops.
  • Strongswan then hangs and is not able to process any other commands, so for example the existing tunnels cannot be rekeyed and die after some time.

I do not have the logs of the responder, but it seems that the problem is on the initiator side.
The problem is quite difficult to reproduce, but it occurred 3 times so we have to correct it.

Do you know what can cause this issue?

Attachments:
  • ipsec_initiator.conf (356 Bytes), Julien Chezeaux, 05.03.2020 14:51
  • ipsec_initiator.log (6.66 KB), Julien Chezeaux, 05.03.2020 14:51
  • ipsec_responder.conf (542 Bytes), Julien Chezeaux, 05.03.2020 14:51

History

#1 Updated by Tobias Brunner 5 months ago

  • Status changed from New to Feedback

Hard to tell. Maybe a crash, or a deadlock (maybe triggered by a crash), or something else. You could try attaching a debugger to the charon process when it hangs, or forcing a core dump to analyze the backtraces of all threads. The version is also relatively old, so it might be something we fixed in the meantime.

#2 Updated by Julien Chezeaux about 1 month ago

Hello,

The problem was due to a segfault in OpenSSL when trying to check a CRL, so it is not related to Strongswan.
You can close the issue.

Regards,

#3 Updated by Tobias Brunner 26 days ago

  • Category deleted (charon)
  • Status changed from Feedback to Closed
  • Assignee set to Tobias Brunner
  • Resolution set to No change required
