Hi Martin,--On Friday, July 11, 2014 09:52:40 AM +0200 Martin Willi <mar...@strongswan.org> wrote:
1. I get this error on both systems after upgrade: ipsec_starter[3318]: notifying watcher failed: Broken pipeHm, interesting, not sure were this broken pipe could come from, nor do I see this error on my 64bit Wheezy. Can you provide a little more context to this error message? What gets logged before/after this error?
Jul 10 10:31:28 media charon: 00[CFG] loaded crl from '/etc/ipsec.d/crls/crl.pem'
Jul 10 10:31:28 media charon: 00[CFG] loading secrets from '/etc/ipsec.secrets'
Jul 10 10:31:28 media charon: 00[CFG] loaded RSA private key from '/etc/ipsec.d/private/dhaKey.pem'
Jul 10 10:31:28 media charon: 00[CFG] loaded RSA private key from '/etc/ipsec.d/private/dhanetKey.pem'
Jul 10 10:31:28 media ipsec_starter[1712]: charon (1713) started after 100 ms
Jul 10 10:31:28 media charon: 03[CFG] received stroke: add connection 'dhanet'
Jul 10 10:31:28 media charon: 03[CFG] left nor right host is our side, assuming left=local
Jul 10 10:31:28 media charon: 03[CFG] loaded certificate "MYCERT" from 'dhanetCert.pem'
Jul 10 10:31:28 media charon: 03[CFG] added configuration 'dhanet'Jul 10 10:31:28 media ipsec_starter[1712]: notifying watcher failed: Broken pipe
Jul 10 10:31:28 media charon: 06[CFG] received stroke: initiate 'dhanet'
Jul 10 10:31:28 media charon: 06[IKE] initiating IKE_SA dhanet[1] to SERVERIP
Jul 10 10:31:28 media charon: 06[NET] sending packet: from LOCALIP[500] to SERVERIP[500] (452 bytes)
Jul 10 10:31:28 media ipsec_starter[1712]: notifying watcher failed: Broken pipe
Jul 10 10:31:28 media charon: 08[NET] received packet: from SERVERIP[500] to LOCALIP[500] (465 bytes)
Jul 10 10:31:28 media charon: 08[IKE] local host is behind NAT, sending keep alives
Jul 10 10:31:28 media charon: 08[IKE] received cert request for "CACERT"
Jul 10 10:31:28 media charon: 08[IKE] sending cert request for "CACERT"Jul 10 10:31:28 media charon: 08[IKE] authentication of 'MYCERT' (myself) with RSA signature successful
Debuglevel was: charondebug="cfg 2 ike 2, knl 2, net 2"
What further information would you need, what debug levels should I use?After building strongSwan, can you try to run "make check" on this system? Do the watcher/stream tests complete successfully?
yes no problems reported. Passed all 4 'watcher' test cases Passed all 4 'stream' test cases the same on both gateways.
If not, the output ofTESTS_VERBOSITY=2 TESTS_SUITES="watcher, stream" make checkcould help in debugging this issue.
Thanks Dirk
pgpFIyQe4FAX0.pgp
Description: PGP signature
_______________________________________________ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users