[Openswan dev] Openswan/klips vs. snmpd [Was: Re:
[debian-openswan] System hangs with OpenS/WAN]
Ken Bantoft
ken at xelerance.com
Fri Jul 30 17:06:08 CEST 2004
On Wed, 28 Jul 2004, Nate Carlson wrote:
> [Crossposting message originally posted to the Debian openswan list to
> openswan-dev. Summary: Debian box, 2.4.25 vanilla kernel, Openswan 2.1.3
> with KLIPS, box also running snmpd. Box hangs a few minutes after
> Openswan started; works fine with FreeS/WAN.]
>
> On Wed, 28 Jul 2004, Christoph Haas wrote:
> > Yes. I had bad experiences with the built-in IPSec implementation (via
> > the netfilter module) and wanted to have tools like "ipsec eroute" to
> > control (and view) the tunnels. The kernel IPSec has hidden so much that
> > I never knew where I should look for configuration problems. This may
> > have changed since I last checked.
http://ken.bantoft.org/eroute <-- perl wrapper on setkey for useful
output.
> > I am. snmpd-5.1-5.
>
> That's the likely culprit. I've had the same problem (Openswan on a box
> with snmpd causes issues); in my experience, it happens when the snmp
> daemon gets queried. I switched to the tinysnmp daemon, and the hangs went
> away - if it's do-able for you, can you try either turning off snmpd or
> switching to the tiny daemon, and see if you still get these hangs?
>
> Openswan developers, has anyone had a chance to look into the root cause
> of this yet? Would it be helpful if I set up a UML session which will
> exhibit this problem?
Haven't had a chance to set something up to duplicate this. UML's
definatly welcome!
Ken
More information about the Dev
mailing list