[Openswan dev] OpenSwan 2.6.10-1 on OpenWrt 7.09 consistently hangs on large HTTP file transfer

starlight at binnacle.cx starlight at binnacle.cx
Mon Dec 3 20:08:11 EST 2007

Per the follow-up message, I now suspect the problem was caused 
by some form of insanity in the Cisco VPN firewall.  Check out 
the post as it contains a ping-plotter graph illustrating what 
happened.  The Cisco was restarted in the morning and I was able 
to complete the download with no problems even with the
'ipsec spi' command in the logging loop.

In the case of the short-interval failure, OpenSwan continued
to operate.  It was just refused connections originating on
the other side.

Now I'm running the transfer again to reproduce the 7GB 
blow-out with the logging loop running.  Will forward the
logging output once that happens.  Maybe tomorrow, maybe
the day after.  It's a big file.

At 07:35 PM 12/3/2007 -0500, Michael Richardson wrote:
>>>>>> "starlight" == starlight  <starlight at binnacle.cx> writes:
>    starlight> At 04:39 PM 12/2/2007 -0500, Michael Richardson wrote:
>    >> Also look at "ipsec spi" output.
>    starlight> Adding this command to the 60 second loop causes the
>    starlight> OpenSwan and the transfer to hose up in a matter of an
>    starlight> hour or two, so I have removed it.  Will run the command
>  Well, then you've found a problem, and if we could see that 
>data, we might even be able to fix it.

More information about the Dev mailing list