Error Writing To Socket Invalid Argument
Issue #1530 strongswan often reports "error writing to socket: Invalid argument" during negotiation with load-tester for 5000 conns.
Added by Bin Liu 4 months ago. Updated 3 months ago.
Status: Feedback
Start date: 23.06.2016
Priority: Normal
Assignee: -
Category: -
Affected version: 5.4.0
Resolution:

Description

hi, client is load-tester, server is security gateway using strongswan.

load-tester:

    load-tester {
        load = yes
        enable = yes
        #initiators = 1
        #iterations = 100
        delay = 200
        addrs {
            ens255f0 = 10.10.0.0/18
        }
        addrs_prefix = 8
        responder = 10.11.1.1
        proposal = aes128-sha1-modp1024
        esp = aes128-sha1
        initiator_auth = psk
        responder_auth = psk
        request_virtual_ip = yes
        ike_rekey = 0
        child_rekey = 7200
        initiator_tsr = 192.0.0.0/8
        delete_after_established = no
        shutdown_when_complete = no
    }

server:

    [root@localhost ln]# cat /etc/ipsec/ipsec.conf
    config setup

    conn tt
        reauth=no
        rekey=no
        dpdaction = none
        #replay_window = 0
        keyingtries=%forever
        keyexchange=ikev2
        ike=aes128-sha1-modp1024
        left=10.11.1.1
        leftsubnet=0.0.0.0/0
        #leftikeport=500
        #leftsourceip=%config
        leftauth=psk
        right=%any
        rightid = %any
        leftid = srv.strongswan.org
        rightauth=psk
        #rightsubnet=1.1.1.0/24
        rightsourceip=1.0.0.0/8
        esp=aes-sha1!
        mobike=no
        auto=add

client initiate 5000 conns by:

    ipsec load-tester initiate 5000 1

The server often reports "error writing to socket: Invalid argument" during negotiation with load-tester, such as:

    Jun 23 10:21:29 localhost charon: 17[IKE] received retransmit of request with ID 0, retransmitting response
    Jun 23 10:21:29 localhost charon: 19[NET] received packet: from 10.10.13.10[500] to 10.11.1.1[500] (328 bytes)
    Jun 23 10:21:29 localhost charon: 03[NET] error writing to socket: Invalid argument
    Jun 23 10:21:29 localhost charon: 24[NET] sending packet: from 10.11.1.1[500] to 10.10.13.9[500] (328 bytes)
    Jun 23 10:21:29 localhost charon: 17[NET] sending packet: from 10.11.1.1[500] to 10.10.13.7[500] (328 bytes)
    Jun 23 10:21:29 localhost charon: 19[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(HASH_ALG) N(REDIR_SUP) ]
    Jun 23 10:21:29 localhost charon: 19[IKE] received retransmit of request with ID 0, retransmitting response
    Jun 23 10:21:29 localhost charon: 03[NET] error writing to socket: Invalid argument
    Jun 23 10:21:29 localhost charon: 19[NET] sending packet: from 10.11.1.1[500]

https://wiki.strongswan.org/issues/1530

Hello,

I upgraded to the latest Debian package (5.1.2-4~bpo7) today and I can no longer start my tunnel. I get messages like these in my syslog.

    Apr 15 13:15:37 gw charon: 13[IKE] sending retransmit 1 of request message ID 0, seq 1
    Apr 15 13:15:37 gw charon: 13[NET] sending packet: from 192.158.A.B[500] to 194.17.X.Y[500] (188 bytes)
    Apr 15 13:15:37 gw charon: 08[NET] error writing to socket: Invalid argument
    Apr 15 13:15:44 gw charon: 14[IKE] sending retransmit 2 of request message ID 0, seq 1
    Apr 15 13:15:44 gw charon: 14[NET] sending packet: from 192.158.A.B[500] to 194.17.X.Y[500] (188 bytes)
    Apr 15 13:15:44 gw charon: 08[NET] error writing to socket: Invalid argument

Do I need to change anything with the new config layout? Previously I had only my connection settings in ipsec.conf (running 5.1.1). All other settings are default.

cheers,
Otto

https://lists.strongswan.org/pipermail/users/2014-April/005981.html

Issue #923 MOBIKE not working on HA cluster
Added by Peter Whisker over 1 year ago. Updated over 1 year ago.
Status: New
Start date: 07.04.2015
Priority: Normal
Assignee: -
Category: charon
Affected version: 5.1.2
Resolution:

https://wiki.strongswan.org/issues/923
http://comments.gmane.org/gmane.network.vpn.strongswan.user/8227

Description

Hi

I have been testing MOBIKE and NAT-T in a HA scenario. I am not having any problems with NAT-T:

    Apr 2 15:21:40 IrisP-L-2-1 charon: 15[KNL] NAT mappings of ESP CHILD_SA with SPI c620f123 and reqid {3} changed, queuing update job

However, with MOBIKE, there seem to be problems which look like the INFO packet is being processed by the wrong side (I have had some success with MOBIKE in the single server scenario). Again, simply put, do you foresee that there should be issues with HA and MOBIKE or should I carry on trying to make it work?

I change the address below on the client from 172.16.10.1 to 172.16.150.1 at time 15:28:46. It looks like the passive side picks up the MOBIKE INFO packets and throws them away "received packet: from 172.16.150.1:4500 to 10.1.0.1:4500 (76 bytes)". Is there something I can do to get MOBIKE working in a HA cluster? The HA cluster is behind a NAT (172.16.0.1 -> 10.1.0.1) with static port forwarding of 4500 and 500. The identical setup works if I don't have HA enabled.

Thanks
Peter

Client server:
==========================

    Apr 7 15:28:12 IrisP-L-1 charon: 12[IKE] retransmit 2 of request with message ID 0
    Apr 7 15:28:12 IrisP-L-1 charon: 12[NET] sending packet: from 172.16.10.1:500 to 172.16.0.1:500 (1308 bytes)
    Apr 7 15:28:12 IrisP-L-1 charon: 13[NET] received packet: from 172.16.0.1:500 to 172.16.10.1:500 (312 bytes)
    Apr 7 15:28:12 IrisP-L-1 charon: 13[ENC] parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(MULT_AUTH) ]
    Apr 7 15:28:12 IrisP-L-1 charon: 13[IKE] remote host is behind NAT
    Apr 7 15:28:12 IrisP-L-1 charon: 13[IKE] sending cert request for "C=UK, O=IRIS, CN=IRIS-P CA"
    Apr 7 15:28:12 IrisP-L-1 charon: 13[IKE] authentication of 'C=UK, O=IRIS, CN=irisp-l-1' (myself) with RSA signature successful
    Apr 7 15:28:12 IrisP-L-1 charon: 13[IKE] establishing CHILD_SA gsgw
    Apr 7 15:28:12 IrisP-L-1 charon: 13[ENC] generating IKE_AUTH request 1 [ IDi N(INIT_CONTACT) CERTREQ IDr AUTH CPRQ SA TSi TSr N(MOBIKE_SUP) N(NO_ADD_ADDR) N(MULT_AUTH) N(EAP_ONLY) ]
    Apr 7 15:28:12 IrisP-L-1 charon: 13[NET] sending packet: from 172.16.10.1:4500 to 172.16.0.1:4500 (716 bytes)
    Apr 7 15:28:12 IrisP-L-1 charon: 11[NET] received packet: from 172.16.0.1:4500 to 172.16.10.1:4500 (524 bytes)
    Apr 7 15:28:12 IrisP-L-1 charon: 11[ENC] parsed IKE_AUTH response 1 [ IDr AUTH CPRP SA TSi TSr N(MOBIKE_SUP) N(ADD_4_ADD