[Openswan dev] [Openswan Users] pfkey write failed
Paul Wouters
paul at xelerance.com
Tue Apr 20 08:07:56 EDT 2010
On Mon, 19 Apr 2010, Arnoud Tijssen wrote:
> Recently our openswan generated the following error:
>
> /usr/local/libexec/ipsec/spi: pfkey write failed (errno=28): no room in kernel SAref table. Cannot process request.
Forwarding to dev@ list.
> The system had enough memory and free disk space. We`re running openswan 2.4.13. After we stopped the ipsec service and openswan wasn`t running anymore we still saw a list with more spi values than vpn`s. Some of our vpn`s were still processing datastreams, and some were unable to re-establish a connection with the peers.
> What did happen here and why did we keep all of these spi values after the ipsec daemon stopped entirely?
It looks like openswan got a bad state, so it could no longer clear the kernel
SPD/SAD state, hence your lingering working tunnels. Re-establishing after
restarting openswan should work but perhaps there were more errors in the kernel
state preventing the userland from talking to it.
What version of userland/kernel/klips was this?
Paul
More information about the Dev
mailing list