[Openswan dev] OpenSwan 2.6.10-1 on OpenWrt 7.09 consistently hangs on large HTTP file transfer

starlight at binnacle.cx starlight at binnacle.cx
Thu Dec 6 02:29:32 EST 2007

It blew up right on schedule.  When the IKE SA rekey operation 
completed, the session was unstable and disappeared after a few 
seconds.  The strange VLAN related error showed up again, which 
I belive is an indicator of garbage packets.  Tried pinging the 
path to the transmitting server and it did come back up though.

Ran a quick test with a short keylife= value and the file 
transfer motored happily through about three rekey events.

Tomorrow I'll start the transfer from scratch with keylife=7200 
configured and see how it goes.  With a two hour rekey interval 
the byte count won't even reach 0x7FFFFFFF.

It will be nice if this succeeds--an effective workaround
will be a great relief.

>I was looking at the log file again, and came up with a theory. 
>Possibly a bit random, but it fits.
>Connectivity does not go to pieces exactly on the 4GB boundary. 
>However I noticed that the session reset seems to be the actual 
>trigger--it was at 26000+ seconds when it went.  Possibly the 
>Cisco forced the key event or the number in the log is not 
>perfectly synchronized to the local 28800 rekey interval.
>Anyway, the theory is that rekeying a session that has seen more 
>the 4GB of data transfer is the trigger.  It's a bit out there, 
>but it fits what seems to be happening.  I'm assuming that 
>rekeying a link under heavy load with less the 4GB transferred 
>is extensively tested as it would seem to be a common event.  
>I'll bet that rekeying a session under heavy load with more than 
>4GB is not happening very often in the population of installed 
>systems.  Perhaps the issue is specific to MIPS with emulated 
>floating point.
>I'll let it blow one more time.  Then tomorrow I'll try setting 
>the key interval to one hour and running it again.  The one hour 
>interval will prevent rekeying from happening with a high byte 

More information about the Dev mailing list