Bug #13014
Updated by Marcos M almost 2 years ago
The charon.vici daemon can get in a bad state where all of the qlen slots are "hung". This causes the Status --> IPSec and other webConfigurator elements to not properly display status. This may does not always affect the actual tunnel tunnels in any way and those will continue to pass traffic, but you cannot restart any of the tunnels, manually disconnect or connect them, restart the IPSec service, view the connected status of any Phase 1 or 2 tunnels, etc. When this happens you will start seeing the following in the System Logs: kernelsonewconn: pcb 0xfffff8011994b700: Listen queue overflow: 5 already in queue awaiting acceptance (1 occurrences) You will also see this in netstat: Current listen queue sizes (qlen/incqlen/maxqlen) unix 5/0/3 /var/run/charon.vici