My RSA keys were 8k. I thought maybe NSS was having a memory problem (like a static-size limit), so I created a whole CA/certs suite w/ 2k keys; same problem.<div><br></div><div>Avesh, any ideas on how much longer you'll be looking at this?</div>
<div><br></div><div>Thanks for your help!<br>
<br><br><div class="gmail_quote">On Tue, Jul 26, 2011 at 6:23 AM, Avesh Agarwal <span dir="ltr"><<a href="mailto:avagarwa@redhat.com">avagarwa@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
<div class="im">On 07/26/2011 06:48 AM, Kevin Keane wrote:<br>
> Hello Avesh,<br>
><br>
> Thank you so much! The log I sent was everything that I found in /var/log/secure with plutodebug=all; the only thing I did was scramble machine names and IP addresses since that could be sensitive.<br>
><br>
> I added a report to bugzilla as #725699, but did not yet add the barf. There seems to be quite a bit of sensitive information in the barf, such as my iptables firewall configuration, my Sonicwall S/N, etc., things that I'd prefer not to have on bugzilla. Would you mind if I sent it to you by private email?<br>
><br>
> Also, when the problem actually happens, my system becomes inaccessible. I have to then turn off ipsec on the other end. So the barf does not represent the exact moment the problem occurs; I took the barf a few minutes later (with the certs causing the problem still in the database).<br>
><br>
> As for the steps I did to configure Openswan: it is the standard CentOS 5.6 Openswan RPM. openswan-2.6.21-5.el5_6.4 . So other than fiddling with the configuration, I have not done anything unusual.<br>
><br>
> Come to think about it - is it possible that this is a kernel problem? This VM runs on a Rackspace VM, with a Rackspace kernel instead of a stock CentOS kernel.<br>
><br>
</div>It does not seem at first to be a kernel issue, as the IKE exchange takes<br>
place in user space and the NSS library is also user space. However, it is<br>
surprising that it is happening.<br>
<div><div></div><div class="h5">>> Hello Paul, Kevin,<br>
>> I can have a look at it. Kevin, can you please put a complete output of ipsec barf instead of truncated ones somewhere, maybe on <a href="http://bugzilla.redhat.com" target="_blank">bugzilla.redhat.com</a>? Also, if you can provide the exact steps you followed to configure openswan, that would also help.<br>
>> --<br>
>> Thanks and Regards<br>
>> Avesh<br>
> _______________________________________________<br>
> <a href="mailto:Users@openswan.org">Users@openswan.org</a><br>
> <a href="http://lists.openswan.org/mailman/listinfo/users" target="_blank">http://lists.openswan.org/mailman/listinfo/users</a><br>
> Micropayments: <a href="https://flattr.com/thing/38387/IPsec-for-Linux-made-easy" target="_blank">https://flattr.com/thing/38387/IPsec-for-Linux-made-easy</a><br>
> Building and Integrating Virtual Private Networks with Openswan:<br>
> <a href="http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155" target="_blank">http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155</a><br>
<br>
<br>
--<br>
Thanks and Regards<br>
Avesh<br>
<br>
</div></div></blockquote></div><br></div>