Re: [strongSwan] Small Problems with 5.2

Fri, 11 Jul 2014 05:15:39 -0700 

Hi Martin,
--On Friday, July 11, 2014 09:52:40 AM +0200 Martin Willi <mar...@strongswan.org> wrote: 


1. I get this error on both systems after upgrade:
ipsec_starter[3318]: notifying watcher failed: Broken pipe


Hm, interesting, not sure were this broken pipe could come from, nor
do I see this error on my 64bit Wheezy.

Can you provide a little more context to this error message? What gets
logged before/after this error?



Jul 10 10:31:28 media charon: 00[CFG]   loaded crl from 
'/etc/ipsec.d/crls/crl.pem'



Jul 10 10:31:28 media charon: 00[CFG] loading secrets from 
'/etc/ipsec.secrets'



Jul 10 10:31:28 media charon: 00[CFG]   loaded RSA private key from 
'/etc/ipsec.d/private/dhaKey.pem'



Jul 10 10:31:28 media charon: 00[CFG]   loaded RSA private key from 
'/etc/ipsec.d/private/dhanetKey.pem'



Jul 10 10:31:28 media ipsec_starter[1712]: charon (1713) started after 
100 ms



Jul 10 10:31:28 media charon: 03[CFG] received stroke: add connection 
'dhanet'



Jul 10 10:31:28 media charon: 03[CFG] left nor right host is our side, 
assuming left=local



Jul 10 10:31:28 media charon: 03[CFG]   loaded certificate "MYCERT" 
from 'dhanetCert.pem'


Jul 10 10:31:28 media charon: 03[CFG] added configuration 'dhanet'


Jul 10 10:31:28 media ipsec_starter[1712]: notifying watcher failed: 
Broken pipe



Jul 10 10:31:28 media charon: 06[CFG] received stroke: initiate 
'dhanet'



Jul 10 10:31:28 media charon: 06[IKE] initiating IKE_SA dhanet[1] to 
SERVERIP



Jul 10 10:31:28 media charon: 06[NET] sending packet: from LOCALIP[500] 
to SERVERIP[500] (452 bytes)



Jul 10 10:31:28 media ipsec_starter[1712]: notifying watcher failed: 
Broken pipe



Jul 10 10:31:28 media charon: 08[NET] received packet: from 
SERVERIP[500] to LOCALIP[500] (465 bytes)



Jul 10 10:31:28 media charon: 08[IKE] local host is behind NAT, sending 
keep alives



Jul 10 10:31:28 media charon: 08[IKE] received cert request for 
"CACERT"


Jul 10 10:31:28 media charon: 08[IKE] sending cert request for "CACERT"


Jul 10 10:31:28 media charon: 08[IKE] authentication of 'MYCERT' 
(myself) with RSA signature successful


Debuglevel was:
charondebug="cfg 2 ike 2, knl 2, net 2"


What further information would you need, what debug levels should I
use?


After building strongSwan, can you try to run "make check" on this
system? Do the watcher/stream tests complete successfully?


yes no problems reported.

 Passed all 4 'watcher' test cases

 Passed all 4 'stream' test cases


the same on both gateways.


If not, the
output of


TESTS_VERBOSITY=2 TESTS_SUITES="watcher, stream" make check


could help in debugging this issue.



Thanks
Dirk


Attachment:
pgpFIyQe4FAX0.pgp

Description: PGP signature


_______________________________________________
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users





















					Reply via email to