Project

General

Profile

Bug #440

Updated by Tobias Brunner almost 7 years ago

Sometimes charon can't "up" a connection, because it thinks it isn't there, but "ipsec statusall" clearly shows it.
It mostly happens after I restarted strongSwan.

<pre>
# ipsec statusall
Status of IKE charon daemon (strongSwan 5.1.1, Linux 3.11.6-1-ARCH, x86_64):
uptime: 11 seconds, since Nov 11 09:36:05 2013
malloc: sbrk 2420736, mmap 0, used 391808, free 2028928
worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0, scheduled: 0
loaded plugins: charon test-vectors curl random nonce x509 revocation constraints pubkey pkcs1 pem openssl af-alg gmp xcbc cmac hmac ccm attr kernel-netlink socket-default farp stroke updown eap-identity eap-gtc eap-mschapv2 eap-radius xauth-generic xauth-eap unity resolve
Listening IP addresses:
141.79.50.88
Connections:
home: %any...cdgsthermi.no-ip.org IKEv2, dpddelay=10s
home: local: [C=DE, ST=Baden-W??rttemberg, O=ThermiCorp, OU=Users, CN=Thermi Thinkpad, E=Thermi_Thinkpad@cdgsthermi.no-ip.org] uses public key authentication
home: cert: "C=DE, ST=Baden-W??rttemberg, O=ThermiCorp, OU=Users, CN=Thermi Thinkpad, E=Thermi_Thinkpad@cdgsthermi.no-ip.org"
home: remote: [cdgsthermi.no-ip.org] uses public key authentication
home: child: dynamic === 192.168.178.0/24 TUNNEL, dpdaction=restart
tunnel: child: dynamic === 0.0.0.0/0 TUNNEL, dpdaction=restart
server: %any...192.168.178.48 IKEv2, dpddelay=10s
server: local: [C=DE, ST=Baden-W??rttemberg, O=ThermiCorp, OU=Users, CN=Thermi Thinkpad, E=Thermi_Thinkpad@cdgsthermi.no-ip.org] uses public key authentication
server: cert: "C=DE, ST=Baden-W??rttemberg, O=ThermiCorp, OU=Users, CN=Thermi Thinkpad, E=Thermi_Thinkpad@cdgsthermi.no-ip.org"
server: remote: [cdgsthermi.no-ip.org] uses public key authentication
server: child: dynamic === 192.168.178.48/32 141.79.0.0/16 TUNNEL, dpdaction=restart
Security Associations (0 up, 0 connecting):
none


[root@thermi-thinkpad thermi]# ipsec up home
unable to resolve %any, initiate aborted
tried to check-in and delete nonexisting IKE_SA
establishing connection 'home' failed
</pre>


Back