[Openswan Users] "can not start crypto helper: failed to find any available worker" temporary errors

Sean Knox sean at obstacle9.com
Fri May 27 02:48:03 CEST 2005 

I have an ipsec.conf with multiple connections set to start 
automatically. Phase 1 finishes fine, however, IPSec SAs for some of 
these connections fail to start with a "can not start crypto helper: 
failed to find any available worker" error. As soon as I send some 
traffic over the tunnel (e.g. a ICMP ping), an IPSec SA is established. 
What causes this? Log snippet below.

thanks,
sk

May 27 01:36:40 localhost pluto[15290]: "hosted" #1: I am sending my cert
May 27 01:36:40 localhost pluto[15290]: "hosted" #1: I am sending a 
certificate request
May 27 01:36:40 localhost pluto[15290]: "hosted" #1: transition from 
state STATE_MAIN_I2 to state STATE_MAIN_I3
May 27 01:36:40 localhost pluto[15290]: "hosted" #1: Main mode peer ID 
is ID_FQDN: '@fw9.craigslist.org'
May 27 01:36:40 localhost pluto[15290]: "hosted" #1: no crl from issuer 
"C=US, ST=CA, L=San Francisco, CN=obstacle9 CA" found (strict=no)
May 27 01:36:40 localhost pluto[15290]: "hosted" #1: transition from 
state STATE_MAIN_I3 to state STATE_MAIN_I4
May 27 01:36:40 localhost pluto[15290]: "hosted" #1: ISAKMP SA established
May 27 01:36:40 localhost pluto[15290]: "sec" #2: initiating Quick Mode 
RSASIG+ENCRYPT+TUNNEL+PFS+UP {using isakmp#1}
May 27 01:36:40 localhost pluto[15290]: "prod" #3: initiating Quick Mode 
RSASIG+ENCRYPT+TUNNEL+PFS+UP {using isakmp#1}
May 27 01:36:40 localhost pluto[15290]: "dmz" #4: initiating Quick Mode 
RSASIG+ENCRYPT+TUNNEL+PFS+UP {using isakmp#1}
May 27 01:36:40 localhost pluto[15290]: "dmz" #4: can not start crypto 
helper: failed to find any available worker
May 27 01:36:40 localhost pluto[15290]: "hosted" #5: initiating Quick 
Mode RSASIG+ENCRYPT+TUNNEL+PFS+UP {using isakmp#1}
May 27 01:36:40 localhost pluto[15290]: "hosted" #5: can not start 
crypto helper: failed to find any available worker
May 27 01:36:41 localhost pluto[15290]: "sec" #2: transition from state 
STATE_QUICK_I1 to state STATE_QUICK_I2
May 27 01:36:41 localhost pluto[15290]: "sec" #2: sent QI2, IPsec SA 
established {ESP=>0xaf919828 <0x39c83ffd}
May 27 01:36:41 localhost pluto[15290]: "prod" #3: transition from state 
STATE_QUICK_I1 to state STATE_QUICK_I2
May 27 01:36:41 localhost pluto[15290]: "prod" #3: sent QI2, IPsec SA 
established {ESP=>0x66b8c2b7 <0xb36d372b}

(ping is sent to a host in the "hosted" connection"

May 27 01:37:06 localhost pluto[15290]: "hosted" #6: initiating Quick 
Mode RSASIG+ENCRYPT+TUNNEL+PFS+UP {using isakmp#1}
May 27 01:37:07 localhost pluto[15290]: "hosted" #6: transition from 
state STATE_QUICK_I1 to state STATE_QUICK_I2
May 27 01:37:07 localhost pluto[15290]: "hosted" #6: sent QI2, IPsec SA 
established {ESP=>0xb24fd876 <0x6ec862aa}

More information about the Users mailing list