Bug #6160

closed

strongswan can start twice in some cases, leading to non-functional IPsec

Added by Chris Buechler over 8 years ago. Updated over 8 years ago.

Status: Resolved
Priority: High
Category: IPsec
Target version:
Start date: 04/14/2016
Due date:
% Done: 0%
Estimated time:
Plus Target Version:
Release Notes:
Affected Version: 2.3
Affected Architecture:

Description

If vpn_ipsec_configure is called twice at almost exactly the same time, 'ipsec start' will run twice and it will start twice. Normally that's not possible because it checks for the PID, but if it's close enough together two instances can start. You end up with logs like:

Apr 13 19:32:38   charon      07[KNL] error sending to PF_KEY socket: No buffer space available
no socket implementation registered, sending failed

This has always been possible in theory, but something in 2.3/strongswan 5.4.0 makes it happen where it doesn't appear to have ever happened previously.

Putting a lock around vpn_ipsec_configure confirmed to fix, commit coming momentarily.
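
The race described above is a check-then-act gap: both callers test for the PID before either has created it. The sketch below is an added example, not the pfSense commit or any project code; `configure`, `run_two_callers`, the file names and the 0.2 s startup delay are hypothetical stand-ins, and an exclusive `flock` on a lock file is assumed as the locking mechanism.

```python
import fcntl
import os
import tempfile
import threading
import time


def configure(state_dir, starts, use_lock):
    """Hypothetical stand-in for the configure routine: start unless a PID file exists."""
    pidfile = os.path.join(state_dir, "daemon.pid")
    lock_fd = None
    if use_lock:
        # Each caller opens its own descriptor, so the exclusive flock
        # serializes callers even inside one process.
        lock_fd = os.open(os.path.join(state_dir, "configure.lock"),
                          os.O_CREAT | os.O_RDWR, 0o600)
        fcntl.flock(lock_fd, fcntl.LOCK_EX)
    try:
        if os.path.exists(pidfile):           # check: already running?
            return
        time.sleep(0.2)                       # startup window: no PID file yet
        starts.append(threading.get_ident())  # act: the "daemon" is started
        with open(pidfile, "w") as fh:
            fh.write("12345\n")               # constructed PID value
    finally:
        if lock_fd is not None:
            fcntl.flock(lock_fd, fcntl.LOCK_UN)
            os.close(lock_fd)


def run_two_callers(use_lock):
    """Call configure() from two threads at the same instant; return the start count."""
    starts = []
    with tempfile.TemporaryDirectory() as state_dir:
        barrier = threading.Barrier(2)

        def caller():
            barrier.wait()                    # release both callers together
            configure(state_dir, starts, use_lock)

        threads = [threading.Thread(target=caller) for _ in range(2)]
        for t in threads:
            t.start()
        for t in threads:
            t.join()
    return len(starts)


if __name__ == "__main__":
    print("starts without lock:", run_two_callers(False))
    print("starts with lock:   ", run_two_callers(True))
```

With the lock held across both the check and the start, the second caller only reaches the PID check after the first has finished, so it sees the PID file and returns.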
