Project

General

Profile

Actions

Bug #9106

closed

strongSwan 5.7.1 will not start on some 2.4.4/2.4.5 systems, log shows "charon has quit: integrity test of libstrongswan failed"

Added by Jim Pingle about 6 years ago. Updated about 6 years ago.

Status:
Resolved
Priority:
High
Assignee:
Category:
IPsec
Target version:
Start date:
11/09/2018
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
2.4.4
Affected Architecture:
amd64

Description

Some users on 2.4.4 and 2.4.5 snapshots with strongSwan 5.7.1 have found that IPsec is not working.
strongSwan will not start, and the IPsec log shows the following error:

charon has quit: integrity test of libstrongswan failed

See also: https://forum.netgate.com/post/803624

Still gathering information about what this might be. The strongSwan code has a few clues, but we need someone who can reproduce it to increase their logging/debug for "strongSwan lib" to find the specific cause, it appears.

So far we don't have any systems in our labs that can reproduce this condition. If anyone else can reproduce it, please take the following steps:

  • Go to VPN > IPsec, Advanced tab.
  • Under IPsec Logging Controls set strongSwan Lib to Highest, then Save
  • Try to restart IPsec
  • Look in Status > System Logs, IPsec tab for a message about why it failed. Alternately, check clog /var/log/ipsec.log from the shell.

Someone could also try killing charon and then running it again with --debug-lib=3

Keeping this assigned to me in a Feedback state since we need more information before anything can be done to work on a solution.

Actions

Also available in: Atom PDF