Hello,
Experiencing an issue with version 5.8.0. We have two gateways in an HA
arrangement. When the current master goes down, the backup takes over ok but
when the old master comes backup (as the back up) and attempts to the re-sync
the tunnel list from the new master (took over for the old master when the
master was rebooted), I see the following msgs in the charon.log:
Nov 30 04:10:40.571 01[CFG] HA: accepted new connection request from
fd00:2600:2600:115:1::1 # The rebooted old master is now coming back up
Nov 30 04:10:40.571 01[CFG] HA: successfully accepted incoming connection
# The rebooted old master starts its
strongswan HA "sync" connection to us (the new master)
Nov 30 04:10:41.569 05[CFG] resyncing HA segment 1
Nov 30 04:10:41.995 05[CFG] HA: failed to receive 4 bytes : Connection reset by
peer
Nov 30 04:10:41.995 05[CFG] HA: failed to read size (4 bytes)
Nov 30 04:10:41.995 05[CFG] HA: pulling message failed
Nov 30 04:10:41.995 05[DMN] thread 5 received 11
# charon crashes??
Nov 30 04:10:41.995 06[CFG] HA: failed to send 17284930 bytes: Bad file
descriptor
Nov 30 04:10:41.995 01[CFG] HA: accepted new connection request from
fd00:2600:2600:115:1::1
Nov 30 04:10:41.995 01[CFG] HA: successfully accepted incoming connection
Nov 30 04:10:42.615 00[LIB] openssl FIPS mode(1) - enabled
# charon restarts ???
Nov 30 04:10:42.622 00[CFG] crl caching to /etc/ike/swanctl/x509crl enabled
Nov 30 04:10:42.622 00[CFG] loaded 0 RADIUS server configurations
3 questions:
1. The crash appears to have been caused by the "pulling message failed
condition?
2. I don't find a core anywhere, should charon have generated a core as
result of the "thread 5 received 11" condition?
3. Are there significant HA fixes/enhancements in strongswan 5.9.x ? Maybe
we should upgrade?
thx
Dave Finley
[email protected]<mailto:[email protected]>
(630) 719-4391 (desk)
(630) 740-5198 (mobile)
