OPNsense Forum
Archive => 17.7 Legacy Series => Topic started by: ekke on September 22, 2017, 01:56:08 am
-
Im getting this error message in the logs, queue full? what does that mean?
Sep 22 01:52:58 charon: 09[JOB] deleting half open IKE_SA with 94.234.170.103 after timeout
Sep 22 01:52:55 charon: 09[IKE] ignoring INFORMATIONAL_V1 request, queue full
Sep 22 01:52:55 charon: 09[NET] received packet: from 94.234.170.103[9039] to 85.225.138.8[4500] (92 bytes)
Sep 22 01:52:55 charon: 09[NET] sending packet: from 85.225.138.8[500] to 94.234.170.103[13590] (429 bytes)
Sep 22 01:52:55 charon: 09[IKE] received retransmit of request with ID 0, retransmitting response
Sep 22 01:52:55 charon: 09[NET] received packet: from 94.234.170.103[9039] to 85.225.138.8[4500] (782 bytes)
Sep 22 01:52:53 charon: 10[IKE] ignoring INFORMATIONAL_V1 request, queue full
Sep 22 01:52:53 charon: 10[NET] received packet: from 94.234.170.103[9039] to 85.225.138.8[4500] (92 bytes)
Sep 22 01:52:52 charon: 10[NET] sending packet: from 85.225.138.8[500] to 94.234.170.103[13590] (429 bytes)
Sep 22 01:52:52 charon: 10[IKE] sending retransmit 3 of response message ID 0, seq 1
Sep 22 01:52:51 charon: 10[IKE] ignoring INFORMATIONAL_V1 request, queue full
Sep 22 01:52:51 charon: 10[NET] received packet: from 94.234.170.103[9039] to 85.225.138.8[4500] (92 bytes)
Sep 22 01:52:51 charon: 10[NET] sending packet: from 85.225.138.8[500] to 94.234.170.103[13590] (429 bytes)
Sep 22 01:52:51 charon: 10[IKE] received retransmit of request with ID 0, retransmitting response
Sep 22 01:52:51 charon: 10[NET] received packet: from 94.234.170.103[9039] to 85.225.138.8[4500] (782 bytes)
Sep 22 01:52:49 charon: 10[IKE] ignoring INFORMATIONAL_V1 request, queue full
-
The bigger question: is it working?
The source code says your client already requested a connection, but asked again which StrongSwan refuses because it wants the process the former one still.
https://github.com/strongswan/strongswan/blob/master/src/libcharon/sa/ikev1/task_manager_v1.c#L1323
Cheers,
Franco
-
thanx for the replay,
no my android mobile says failed unfortunately .
-
duh! I forgot to restart the IPSec service :) Working now....
-
Huh, what changed exactly?
Cheers,
Franco
-
I did also change identifier, but I couldn't get a successfull connection from my mobile until I restarted the IPSec service, which seems abit odd.
-
I also encountered this. Changing P1 only reloads and doesnt restart which is sometimes required
-
Neither phase 1 nor phase 2 restart / reconfigure. Editing on both pages prompts for an "apply" on the main IPsec page that both pages redirect to after a successful save.
Cheers,
Franco