[Openswan dev] OpenSwan 2.6.10-1 on OpenWrt 7.09 consistently hangs on large HTTP file transfer

starlight at binnacle.cx starlight at binnacle.cx
Tue Dec 4 20:04:05 EST 2007


Ok, finally reproduced the problem.  Strangely this time 
OpenSwan did not lock up, but instead the remote could not 
connect anymore in a fashion similar to the "short interval 
failure" issue I hit during testing and suspected was a Cisco 
issue.  Once the router was rebooted it came back fine and is 
motoring along again.  Perhaps the issue results from a 
complicated set of interactions with more than one pressure 
point and resulting behavior.

Anyway here is the failure log.  The blowout is at the 18:38 
time interval.  Traffic was flowing from the 10.81.82.5.



At 08:08 PM 12/3/2007 -0500, starlight at binnacle.cx wrote:
>Per the follow-up message, I now suspect the problem was caused 
>by some form of insanity in the Cisco VPN firewall.  Check out 
>the post as it contains a ping-plotter graph illustrating what 
>happened.  The Cisco was restarted in the morning and I was able 
>to complete the download with no problems even with the
>'ipsec spi' command in the logging loop.
>
>In the case of the short-interval failure, OpenSwan continued
>to operate.  It was just refused connections originating on
>the other side.
>
>Now I'm running the transfer again to reproduce the 7GB 
>blow-out with the logging loop running.  Will forward the
>logging output once that happens.  Maybe tomorrow, maybe
>the day after.  It's a big file.
>
>
>
>At 07:35 PM 12/3/2007 -0500, Michael Richardson wrote:
>>>>>>> "starlight" == starlight  <starlight at binnacle.cx> writes:
>>    starlight> At 04:39 PM 12/2/2007 -0500, Michael Richardson wrote:
>>    >> Also look at "ipsec spi" output.
>>    starlight> Adding this command to the 60 second loop causes the
>>    starlight> OpenSwan and the transfer to hose up in a matter of an
>>    starlight> hour or two, so I have removed it.  Will run the command
>>
>>  Well, then you've found a problem, and if we could see that 
>>data, we might even be able to fix it.
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: router_log4.bz2
Type: application/octet-stream
Size: 39207 bytes
Desc: not available
Url : http://lists.openswan.org/pipermail/dev/attachments/20071204/25f3c898/attachment-0001.obj 


More information about the Dev mailing list