[Openswan dev] OpenSwan 2.6.10-1 on OpenWrt 7.09 consistently hangs on large HTTP file transfer
starlight at binnacle.cx
starlight at binnacle.cx
Sun Dec 2 15:23:11 EST 2007
After approximately 6GB of a HTTP file transfer through OpenSWAN,
it locks up suddenly and completely. All remaining OpenWRT
router functions continue to function normally.
Need some help on how to collect details for diagnosing the
problem. Everything looks normal, no error messages of any kind
in the 'syslogd' log captured on a Linux server. 'dmesg' output
from router is equally devoid of any diagnostic messages.
'ipsec whack --status' output (attached) looks fine to me.
Rebooting the router brings it back immediately.
Had this same issue with OpenWRT 0.9 running OpenSWAN
2.4.8 except the router would crash/reboot.
-------------- next part --------------
version 2.0
config setup
interfaces=%defaultroute
nat_traversal=no
klipsdebug=none
plutodebug=none
conn SouthEdge
left= %defaultroute
leftnexthop= %defaultroute
right= 10.13.73.228
rightsubnet= 10.13.75.38/32
authby= secret
auto= start
conn QRT1
left= %defaultroute
leftnexthop= %defaultroute
right= 10.13.73.228
rightsubnet= 10.81.82.1/32
authby= secret
auto= start
conn QRT3
left= %defaultroute
leftnexthop= %defaultroute
right= 10.13.73.228
rightsubnet= 10.81.82.3/32
authby= secret
auto= start
conn QRT4
left= %defaultroute
leftnexthop= %defaultroute
right= 10.13.73.228
rightsubnet= 10.81.82.4/32
authby= secret
auto= start
conn QRT5
left= %defaultroute
leftnexthop= %defaultroute
right= 10.13.73.228
rightsubnet= 10.81.82.5/32
authby= secret
auto= start
# Disable Opportunistic Encryption.
conn block
auto=ignore
conn private
auto=ignore
conn private-or-clear
auto=ignore
conn clear-or-private
auto=ignore
conn clear
auto=ignore
conn packetdefault
auto=ignore
-------------- next part --------------
000 interface ipsec0/eth0.1 10.95.187.105
000 %myid = (none)
000 debug none
000
000 algorithm ESP encrypt: id=3, name=ESP_3DES, ivlen=64, keysizemin=192, keysizemax=192
000 algorithm ESP encrypt: id=12, name=ESP_AES, ivlen=128, keysizemin=128, keysizemax=256
000 algorithm ESP auth attr: id=1, name=AUTH_ALGORITHM_HMAC_MD5, keysizemin=128, keysizemax=128
000 algorithm ESP auth attr: id=2, name=AUTH_ALGORITHM_HMAC_SHA1, keysizemin=160, keysizemax=160
000
000 algorithm IKE encrypt: id=5, name=OAKLEY_3DES_CBC, blocksize=8, keydeflen=192
000 algorithm IKE encrypt: id=7, name=OAKLEY_AES_CBC, blocksize=16, keydeflen=128
000 algorithm IKE hash: id=1, name=OAKLEY_MD5, hashsize=16
000 algorithm IKE hash: id=2, name=OAKLEY_SHA1, hashsize=20
000 algorithm IKE dh group: id=2, name=OAKLEY_GROUP_MODP1024, bits=1024
000 algorithm IKE dh group: id=5, name=OAKLEY_GROUP_MODP1536, bits=1536
000 algorithm IKE dh group: id=14, name=OAKLEY_GROUP_MODP2048, bits=2048
000 algorithm IKE dh group: id=15, name=OAKLEY_GROUP_MODP3072, bits=3072
000 algorithm IKE dh group: id=16, name=OAKLEY_GROUP_MODP4096, bits=4096
000 algorithm IKE dh group: id=17, name=OAKLEY_GROUP_MODP6144, bits=6144
000 algorithm IKE dh group: id=18, name=OAKLEY_GROUP_MODP8192, bits=8192
000
000 stats db_ops.c: {curr_cnt, total_cnt, maxsz} :context={0,0,0} trans={0,0,0} attrs={0,0,0}
000
000 "XXX1": 10.95.187.105---10.95.187.106...10.13.73.228===10.81.82.1/32; erouted; eroute owner: #34
000 "XXX1": srcip=unset; dstip=unset; srcup=ipsec _updown; dstup=ipsec _updown;
000 "XXX1": ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0
000 "XXX1": policy: PSK+ENCRYPT+TUNNEL+PFS+UP; prio: 32,32; interface: eth0.1; encap: esp;
000 "XXX1": newest ISAKMP SA: #0; newest IPsec SA: #34;
000 "XXX3": 10.95.187.105---10.95.187.106...10.13.73.228===10.81.82.3/32; erouted; eroute owner: #33
000 "XXX3": srcip=unset; dstip=unset; srcup=ipsec _updown; dstup=ipsec _updown;
000 "XXX3": ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0
000 "XXX3": policy: PSK+ENCRYPT+TUNNEL+PFS+UP; prio: 32,32; interface: eth0.1; encap: esp;
000 "XXX3": newest ISAKMP SA: #0; newest IPsec SA: #33;
000 "XXX4": 10.95.187.105---10.95.187.106...10.13.73.228===10.81.82.4/32; erouted; eroute owner: #35
000 "XXX4": srcip=unset; dstip=unset; srcup=ipsec _updown; dstup=ipsec _updown;
000 "XXX4": ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0
000 "XXX4": policy: PSK+ENCRYPT+TUNNEL+PFS+UP; prio: 32,32; interface: eth0.1; encap: esp;
000 "XXX4": newest ISAKMP SA: #0; newest IPsec SA: #35;
000 "XXX5": 10.95.187.105---10.95.187.106...10.13.73.228===10.81.82.5/32; erouted; eroute owner: #36
000 "XXX5": srcip=unset; dstip=unset; srcup=ipsec _updown; dstup=ipsec _updown;
000 "XXX5": ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0
000 "XXX5": policy: PSK+ENCRYPT+TUNNEL+PFS+UP; prio: 32,32; interface: eth0.1; encap: esp;
000 "XXX5": newest ISAKMP SA: #0; newest IPsec SA: #36;
000 "YYYY": 10.95.187.105---10.95.187.106...10.13.73.228===10.13.75.38/32; erouted; eroute owner: #32
000 "YYYY": srcip=unset; dstip=unset; srcup=ipsec _updown; dstup=ipsec _updown;
000 "YYYY": ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0
000 "YYYY": policy: PSK+ENCRYPT+TUNNEL+PFS+UP; prio: 32,32; interface: eth0.1; encap: esp;
000 "YYYY": newest ISAKMP SA: #0; newest IPsec SA: #32;
000
000 #40: "XXX1":500 STATE_MAIN_I4 (ISAKMP SA established); EVENT_SA_EXPIRE in 436s; lastdpd=-1s(seq in:0 out:0)
000 #41: "XXX1":500 STATE_MAIN_I4 (ISAKMP SA established); EVENT_SA_REPLACE in 1942s; lastdpd=-1s(seq in:0 out:0)
000 #34: "XXX1":500 STATE_QUICK_I2 (sent QI2, IPsec SA established); EVENT_SA_REPLACE in 14857s; newest IPSEC; eroute owner
000 #34: "XXX1" used 5s ago; esp.79fd3031 at 10.13.73.228 esp.1f1b92da at 10.95.187.105 tun.101a at 10.13.73.228 tun.1019 at 10.95.187.105
000 #33: "XXX3":500 STATE_QUICK_I2 (sent QI2, IPsec SA established); EVENT_SA_REPLACE in 14734s; newest IPSEC; eroute owner
000 #33: "XXX3" esp.3c4d2ca at 10.13.73.228 esp.1f1b92d9 at 10.95.187.105 tun.1018 at 10.13.73.228 tun.1017 at 10.95.187.105
000 #35: "XXX4":500 STATE_QUICK_I2 (sent QI2, IPsec SA established); EVENT_SA_REPLACE in 14973s; newest IPSEC; eroute owner
000 #35: "XXX4" esp.f7073ad2 at 10.13.73.228 esp.1f1b92db at 10.95.187.105 tun.101c at 10.13.73.228 tun.101b at 10.95.187.105
000 #36: "XXX5":500 STATE_QUICK_I2 (sent QI2, IPsec SA established); EVENT_SA_REPLACE in 14950s; newest IPSEC; eroute owner
000 #36: "XXX5" used 245s ago; esp.a611ce93 at 10.13.73.228 esp.1f1b92dc at 10.95.187.105 tun.101e at 10.13.73.228 tun.101d at 10.95.187.105
000 #32: "YYYY":500 STATE_QUICK_I2 (sent QI2, IPsec SA established); EVENT_SA_REPLACE in 14572s; newest IPSEC; eroute owner
000 #32: "YYYY" used 5s ago; esp.b1bac744 at 10.13.73.228 esp.1f1b92d8 at 10.95.187.105 tun.1016 at 10.13.73.228 tun.1015 at 10.95.187.105
000
More information about the Dev
mailing list