[Openswan dev] Openswan/klips vs. snmpd [Was: Re: [debian-openswan] System hangs with OpenS/WAN]

Nate Carlson natecars at natecarlson.com
Wed Jul 28 11:59:02 CEST 2004

[Crossposting message originally posted to the Debian openswan list to
openswan-dev. Summary: Debian box, 2.4.25 vanilla kernel, Openswan 2.1.3
with KLIPS, box also running snmpd. Box hangs a few minutes after
Openswan started; works fine with FreeS/WAN.]

On Wed, 28 Jul 2004, Christoph Haas wrote:
> Yes. I had bad experiences with the built-in IPSec implementation (via
> the netfilter module) and wanted to have tools like "ipsec eroute" to
> control (and view) the tunnels. The kernel IPSec has hidden so much that
> I never knew where I should look for configuration problems. This may
> have changed since I last checked.

Yeah, I'm still liking KLIPS for the same reason.

> I am. snmpd-5.1-5.

That's the likely culprit. I've had the same problem (Openswan on a box
with snmpd causes issues); in my experience, it happens when the snmp
daemon gets queried. I switched to the tinysnmp daemon, and the hangs went
away - if it's do-able for you, can you try either turning off snmpd or
switching to the tiny daemon, and see if you still get these hangs?

Openswan developers, has anyone had a chance to look into the root cause
of this yet? Would it be helpful if I set up a UML session which will
exhibit this problem?

| nate carlson | natecars at natecarlson.com | http://www.natecarlson.com |
|       depriving some poor village of its idiot since 1981            |

More information about the Dev mailing list