Actions
Bug #6160
closed
strongswan can start twice in some cases, leading to non-functional IPsec
Start date:
04/14/2016
Due date:
% Done:
0%
Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
2.3
Affected Architecture:
Description
If vpn_ipsec_configure is called twice at almost exactly the same time, 'ipsec start' will run twice and it will start twice. Normally that's not possible because it checks for the PID, but if it's close enough together two instances can start. You end up with logs like:
Apr 13 19:32:38 charon 07[KNL] error sending to PF_KEY socket: No buffer space available no socket implementation registered, sending failed
This has always been possible in theory, but something in 2.3/strongswan 5.4.0 makes it happen where it doesn't appear to have ever happened previously.
Putting a lock around vpn_ipsec_configure confirmed to fix, commit coming momentarily.
Updated by Chris Buechler over 8 years ago
- Status changed from Confirmed to Feedback
that change confirmed to work on a customer system hitting the problem.
Updated by Chris Buechler over 8 years ago
- Status changed from Feedback to Resolved
multiple people seeing this issue confirmed fixed
Actions