[Openswan dev] Re: Openswan/klips vs. snmpd [Was: Re: [debian-openswan] System hangs with OpenS/WAN]

Christoph Haas email at christoph-haas.de
Wed Jul 28 21:24:57 CEST 2004 

On Wed, Jul 28, 2004 at 10:59:02AM -0500, Nate Carlson wrote:
> [Crossposting message originally posted to the Debian openswan list to
> openswan-dev. Summary: Debian box, 2.4.25 vanilla kernel, Openswan 2.1.3
> with KLIPS, box also running snmpd. Box hangs a few minutes after
> Openswan started; works fine with FreeS/WAN.]
> 
> On Wed, 28 Jul 2004, Christoph Haas wrote:
> > Yes. I had bad experiences with the built-in IPSec implementation (via
> > the netfilter module) and wanted to have tools like "ipsec eroute" to
> > control (and view) the tunnels. The kernel IPSec has hidden so much that
> > I never knew where I should look for configuration problems. This may
> > have changed since I last checked.
> 
> Yeah, I'm still liking KLIPS for the same reason.
> 
> > I am. snmpd-5.1-5.
> 
> That's the likely culprit. I've had the same problem (Openswan on a box
> with snmpd causes issues); in my experience, it happens when the snmp
> daemon gets queried. I switched to the tinysnmp daemon, and the hangs went
> away - if it's do-able for you, can you try either turning off snmpd or
> switching to the tiny daemon, and see if you still get these hangs?

Good hint. I had never thought the snmpd would be the cause (or at least
the destruction trigger). :)

I started the system with openswan installed and loaded. It worked fine
for a while. Then I started the snmpd. The system still worked. Then I
did an snmpwalk and the system hang. All I got was 34 lines of snmpwalk
output (until right after the uptime.9). Then the snmpd died. No kernel
panic though - just that the system began to be very uncooperative in
means of network communication. I did not find a way to get it back to a
stable state - just rebooting helped.

If I can I will gladly help you investigate the problem. But in the
meantime I think I will stick to FreeS/WAN.

 Christoph

-- 
~
~
".signature" [Modified] 3 lines --100%--                3,41         All

More information about the Dev mailing list