VPND Restarts and Portals are not accessible when VPND cannot resolve CRL
Symptoms
  • VPN tunnels are not coming up.
  • Portals such as Mobile Access, platform portal, and IA portal cannot be accessed via the browser.
  • The PID of vpnd changes every ~5 minutes.
  • Debug of cpwd shows that cpwd monitoring kills vpnd because vpnd is not responding.
    [cpWatchDog 4096 2012661968]@MG2[22 Jan 19:49:55] [INFO] Signal was sent to process vpnd (pid=29058)
    [cpWatchDog 4096 2012661968]@MG2[22 Jan 19:50:25] [ERROR] vpnd (pid=29058) did not send keep-alive message for 7 number of times
    [cpWatchDog 4096 2012661968]@MG2[22 Jan 19:50:25] [SUCCESS] Killed process vpnd with pid 29058
  • Debug of fwd shows that fwd restarts vpnd because it is not running; fwd.elg shows "restarting vpnd".
  • The issue often occurs during an upgrade, or when installing a new certificate for one of the portals.
  • In VPND debug, one or more of the following errors are shown:
    1. fwasync_do_mux_out: 30: write: Broken pipe
    2. resolver_gethostbyname: Failed to resolve hostname
    3. getaddrinfo failed. reason=Name or service not known
    4. failed to send pid XXXXX to fwd, exiting.: Broken pipe
    5. [SIC] SIC Error for rop: Authentication error
Cause

VPND is busy trying to resolve, via DNS, the CRL FQDN in the certificate of the gateway's portals, but gets no response. Until the CRL FQDN is resolved, VPND will fail.

Because vpnd performs the SSL handshake for multi-portal, the portals do not respond.

When VPND does not respond to CPWD monitoring, VPND is killed by CPWD monitoring and is restarted by FWD. 
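
To confirm the kill-and-restart cycle described above from cpwd debug output, the following added example (not Check Point code) extracts watchdog kills of vpnd that follow a missed keep-alive and flags a loop. The thresholds (3 kills, 10-minute gap), the function names, and every sample line after the first three are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta

# First three lines are the cpwd debug lines quoted on this page; the rest are
# constructed for illustration (PIDs 30112 and 31207 are made up).
SAMPLE = """\
[cpWatchDog 4096 2012661968]@MG2[22 Jan 19:49:55] [INFO] Signal was sent to process vpnd (pid=29058)
[cpWatchDog 4096 2012661968]@MG2[22 Jan 19:50:25] [ERROR] vpnd (pid=29058) did not send keep-alive message for 7 number of times
[cpWatchDog 4096 2012661968]@MG2[22 Jan 19:50:25] [SUCCESS] Killed process vpnd with pid 29058
[cpWatchDog 4096 2012661968]@MG2[22 Jan 19:55:27] [ERROR] vpnd (pid=30112) did not send keep-alive message for 7 number of times
[cpWatchDog 4096 2012661968]@MG2[22 Jan 19:55:27] [SUCCESS] Killed process vpnd with pid 30112
[cpWatchDog 4096 2012661968]@MG2[22 Jan 20:00:31] [ERROR] vpnd (pid=31207) did not send keep-alive message for 7 number of times
[cpWatchDog 4096 2012661968]@MG2[22 Jan 20:00:31] [SUCCESS] Killed process vpnd with pid 31207
"""

LINE = re.compile(r"\]@\S+?\[(?P<ts>\d{1,2} \w{3} \d\d:\d\d:\d\d)\] \[\w+\] (?P<msg>.*)")
MISSED = re.compile(r"(?P<proc>\S+) \(pid=(?P<pid>\d+)\) did not send keep-alive")
KILLED = re.compile(r"Killed process (?P<proc>\S+) with pid (?P<pid>\d+)")

def watchdog_kills(text, proc="vpnd"):
    """Return [(timestamp, pid)] for kills of proc that follow a missed keep-alive."""
    missed, kills = set(), []
    for raw in text.splitlines():
        m = LINE.search(raw)
        if not m:
            continue
        # The log carries no year; a fixed leap year keeps 29 Feb parseable.
        ts = datetime.strptime("2000 " + m["ts"], "%Y %d %b %H:%M:%S")
        if (e := MISSED.match(m["msg"])) and e["proc"] == proc:
            missed.add(e["pid"])
        elif (k := KILLED.match(m["msg"])) and k["proc"] == proc and k["pid"] in missed:
            kills.append((ts, int(k["pid"])))
    return kills

def restart_loop(kills, min_kills=3, max_gap=timedelta(minutes=10)):
    """True if min_kills consecutive kills hit a new PID each time, each within max_gap."""
    best = run = 1 if kills else 0
    for (t0, p0), (t1, p1) in zip(kills, kills[1:]):
        # A negative gap (log wrapped past year end) or a long quiet period resets the run.
        ok = p1 != p0 and timedelta(0) <= t1 - t0 <= max_gap
        run = run + 1 if ok else 1
        best = max(best, run)
    return best >= min_kills

if __name__ == "__main__":
    kills = watchdog_kills(SAMPLE)
    print([(t.strftime("%d %b %H:%M:%S"), pid) for t, pid in kills], restart_loop(kills))
```
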


Solution
Note: To view this solution you need to Sign In.