Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Thread Info
  • State Not Answered
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 6 replies
  • Subscribers 41 subscribers
  • Views 1640 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

"HA RESYNC: we are not master" in strongswan.log / XG 17.5.8

mxull

Hi Guys,

we are getting the following error every second in the strongswan.log

I have seen post about this error message for UTM but not for XG.


2019-10-16 10:41:44 09[CFG] HA RESYNC: we are not master, requesting RESYNC ourselves
2019-10-16 10:41:44 09[CFG] requesting HA resynchronization
2019-10-16 10:41:44 09[CFG] HA RESYNC: we are not master, requesting RESYNC ourselves
2019-10-16 10:41:44 09[CFG] requesting HA resynchronization


Already tried to Resync the auxiliary device, but the error still occurs.

If someone has already received this message on their appliance


Kind Regards,

Max



This thread was automatically locked due to age.
Parents Reply Children
  • 0 in reply to lferrara

    Did you manage to resolve this issue? 

     

    We are experiencing the exact same thing. HA looks fine, but strongswan.log file is full of 


    XG125_XN02_SFOS 17.5.9 MR-9# tail -n 10 strongswan.log
    2020-01-09 13:34:15 10[CFG] HA RESYNC: we are not master, requesting RESYNC ourselves
    2020-01-09 13:34:15 10[CFG] requesting HA resynchronization
    2020-01-09 13:34:15 10[CFG] HA RESYNC: we are not master, requesting RESYNC ourselves
    2020-01-09 13:34:15 10[CFG] requesting HA resynchronization
    2020-01-09 13:34:15 10[CFG] HA RESYNC: we are not master, requesting RESYNC ourselves
    2020-01-09 13:34:15 10[CFG] requesting HA resynchronization
    2020-01-09 13:34:15 10[CFG] HA RESYNC: we are not master, requesting RESYNC ourselves
    2020-01-09 13:34:15 10[CFG] requesting HA resynchronization
    2020-01-09 13:34:15 10[CFG] HA RESYNC: we are not master, requesting RESYNC ourselves
    2020-01-09 13:34:15 10[CFG] requesting HA resynchronization

  • FormerMember
    0 FormerMember in reply to Olivier Rombaut

    Hi Olivier Rombaut,

    I have seen those logs before in one of my case where current appliance was not the configured licensed master and IPsec logs were full of those log entries.

    Can you please provide output of this command from advanced shell "nvram get '#'li.master" 

    Thanks,

  • 0 in reply to FormerMember

    XG125_XN02_SFOS 17.5.9 MR-9# nvram get '#'li.master
    YES

     

    Whats rather weird is that the charon process is using high cpu all the time 

    PID PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
    4077 20 0 1337m 7460 2200 S 42.1 0.2 11060:30 charon

     

    console> system ha show details
    HA status : Enabled
    Current Appliance Key : C1609ABCXY7MP1F
    Peer Appliance Key : C1609AB3V6QRTB6
    Current HA state : Primary
    Peer HA state : Auxiliary
    HA Config Mode : Active-Passive
    Load Balancing : Not Applicable
    Dedicated Port : Port4
    Current Dedicated IP : 10.10.2.41
    Peer Dedicated IP : 10.10.2.42
    Monitoring Port :
    Auxiliary Admin Port : br0
    Auxiliary Admin IP : 172.29.3.206
    Auxiliary Admin IPv6 :
    Peer Admin Port : Port8 (This port will be made as admin port on peer appliance after disable HA)

Unfiltered HTML