Hello Andreas, debugging these many connections might be easier using the condensed /var/log/auth.log which has the following entries:
http://www.strongswan.org/uml/testresults45/ikev2/dpd-restart/carol.auth.log Regards Andreas On 05/23/2011 08:14 PM, Andreas Schuldei wrote: > the charon log files for these four hosts are available for download here: > http://origin.scdn.co/u/wp/alvina.ash.spotify.net-charon.log.gz > http://origin.scdn.co/u/wp/annalise.ash.spotify.net-charon.log.gz > http://origin.scdn.co/u/wp/annmarie.ash.spotify.net-charon.log.gz > http://origin.scdn.co/u/wp/taylor.sto.spotify.net-charon.log.gz > > > On Mon, May 23, 2011 at 2:46 PM, Andreas Schuldei > <schuldei+strongs...@spotify.com> wrote: >> hi! >> >> I seem to be experiencing problems with charon in strongswan 4.4.1. >> >> One problem is that charon sometimes failes to reinitiate SAs once >> they expire. I set up a testbed with 17 hosts to reproduce and track >> down the issue, as it takes some time for it to manifest. >> >> since every host has several connections to the other peers in this >> ipsec setup, it is tricky to see what log entry is caused by which >> connection. how can single out the log entries from those >> affected/failing connections? how can i get a verbose status dump from >> charon showing what it thinks the status is of all the connections it >> keeps track of? >> i dont want to attache 16M of log files here. please advice what parts >> are useful, and i would appreciate tips on how to extract those. >> >> the hosts that i currenly see problems with are up: >> >> root@taylor:~# fping annalise.ash.spotify.net annmarie.ash.spotify.net >> alvina.ash.spotify.net >> annalise.ash.spotify.net is alive >> annmarie.ash.spotify.net is alive >> alvina.ash.spotify.net is alive >> >> but ipsec statusall has no SA for them. (see ipsec-statusall.txt) >> >> please also find attached annalises and taylors ipsec.conf. the other >> hosts' ipsec.conf is equivalent. there is always one initiator for >> each connection. >> > > _______________________________________________ > Users mailing list > Users@lists.strongswan.org > https://lists.strongswan.org/mailman/listinfo/users -- ====================================================================== Andreas Steffen andreas.stef...@strongswan.org strongSwan - the Linux VPN Solution! www.strongswan.org Institute for Internet Technologies and Applications University of Applied Sciences Rapperswil CH-8640 Rapperswil (Switzerland) ===========================================================[ITA-HSR]== _______________________________________________ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users