Re: [strongSwan] problems with charon in 4.5.2 (was: 4.4.1)

2011-06-01 Thread Andreas Schuldei
Hi! now i ran strongswan 4.5.2 for two days and it looks more stable then 4.4.1 on our testbed. however, even 4.5.2 died tonight. the connection between alvina and sarah went down and attempts to reinitiate it failed. i attache the output of grep alvina /var/log/daemon (on sarah) and vice

Re: [strongSwan] problems with charon in 4.5.2 (was: 4.4.1)

2011-06-01 Thread Martin Willi
Hi, Of course i would like the two hosts to try harder to re-establish their connection again. did something go wrong at that point? how can i increase the number of reconnection attempts in case of loss of SA? %forever sounds long to me, but hey. should i just put a really big number here?

Re: [strongSwan] problems with charon in 4.4.1

2011-05-27 Thread Andreas Schuldei
after the test setup survived the night (i dont know if there were problems during the night, but if there where, they self-healed, which is almost as good.) this morning the there were again several hosts without and SA in ESTABLISHED state (according to ipsec statusall). it centered around

Re: [strongSwan] problems with charon in 4.4.1

2011-05-26 Thread Andreas Schuldei
On Wed, May 25, 2011 at 8:49 AM, Andreas Schuldei schuldei+strongs...@spotify.com wrote: now i uploaded new logs from taylor and aldona. the two dropped their SA sometimes after 2011-05-24T21:48:21 (that is the last good SA negotiation i can see in the logs) and didnt manage to establish a new

Re: [strongSwan] problems with charon in 4.4.1

2011-05-24 Thread Andreas Schuldei
On Tue, May 24, 2011 at 8:48 AM, Andreas Schuldei schuldei+strongs...@spotify.com wrote: On Mon, May 23, 2011 at 11:44 PM, Andreas Steffen andreas.stef...@strongswan.org wrote: Hello Andreas, debugging these many connections might be easier using the condensed /var/log/auth.log which has the

Re: [strongSwan] problems with charon in 4.4.1

2011-05-23 Thread Andreas Steffen
seem to be experiencing problems with charon in strongswan 4.4.1. One problem is that charon sometimes failes to reinitiate SAs once they expire. I set up a testbed with 17 hosts to reproduce and track down the issue, as it takes some time for it to manifest. since every host has several

Re: [strongSwan] problems with charon in 4.4.1

2011-05-23 Thread Andreas Steffen
/taylor.sto.spotify.net-charon.log.gz On Mon, May 23, 2011 at 2:46 PM, Andreas Schuldei schuldei+strongs...@spotify.com wrote: hi! I seem to be experiencing problems with charon in strongswan 4.4.1. One problem is that charon sometimes failes to reinitiate SAs once they expire. I set up a testbed

Re: [strongSwan] problems with charon in 4.4.1

2011-05-23 Thread Andreas Schuldei
, Andreas Schuldei schuldei+strongs...@spotify.com wrote: hi! I seem to be experiencing problems with charon in strongswan 4.4.1. One problem is that charon sometimes failes to reinitiate SAs once they expire. I set up a testbed with 17 hosts to reproduce and track down the issue, as it takes

[strongSwan] Problems with Charon

2009-09-01 Thread ServerAlex
I've got a host-to-host connection that should be kept alive 24/7. machine 1: config setup plutostart=no # IKEv1 charonstart=yes # IKEv2 nat_traversal=no # Add connections here. # Sample VPN connections conn %default ikelifetime=60m

Re: [strongSwan] Problems with Charon

2009-09-01 Thread Andreas Steffen
Hi, are you running strongSwan on CentOS or RedHat? There is an issue with these Linux kernels where IPsec policies get deleted when they are queried e.g. by ipsec statusall or DPD. I think this kernel bug was fixed recently by RedHat. Best regards Andreas ServerAlex wrote: I've got a