On Tue, May 24, 2011 at 8:48 AM, Andreas Schuldei <[email protected]> wrote:
> On Mon, May 23, 2011 at 11:44 PM, Andreas Steffen
> <[email protected]> wrote:
>> Hello Andreas,
>>
>> debugging these many connections might be easier using the
>> condensed /var/log/auth.log which has the following entries:
>>
>> http://www.strongswan.org/uml/testresults45/ikev2/dpd-restart/carol.auth.log
>
> The auth.log was still huge on taylor.
>
> I attempted to start from a clean slate today and did this on all
> machines in the test bed:
>
> /etc/init.d/ipsec stop
> rm -f /var/run/charon.pid /var/run/starter.pid /var/run/charon.ctl
> /etc/init.d/ipsec stop
> logrotate -f /etc/logrotate.conf
> ip xfrm policy flush
> /etc/network/if-up.d/ssh-outside-ipsec # this adds xfrm policy for port 500UDP and ssh traffic to NOT go through ipsec
> /etc/init.d/ipsec start
>
> And again taylor got immediate problems with the three hosts, just
> like yesterday. We don't have additional firewall rules that limit
> traffic between these hosts. Other hosts in the ash.spotify.net domain
> don't have problems either.
> Can something else get confused?
> Is there more state somewhere?

Do I need to unload the xfrm modules?

The connections between hosts, once turned bad, remained bad until I rebooted the machines in question. Since then (last few hours) it works nicely. But rebooting is not a real option, of course. And connections going into a state that is unrecoverable is not so good, either.
