[Openswan dev] OpenSwan 2.6.10-1 on OpenWrt 7.09 consistently hangs on large HTTP file transfer
Michael Richardson
mcr at sandelman.ottawa.on.ca
Thu Dec 6 17:29:10 EST 2007
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
The work around is that you need to rekey more often.
(keylife= setting)
What is supposed to happen, which isn't, is that you are suppose to
start the rekey around 2M bytes (or 2M packets), so that you've
completed it by 4M bytes (or 4M packets). Likely, it does hit 4M, and
the SA gets killed, just that you can't catch it at that point.
- --
] Bear: "Me, I'm just the shape of a bear." | firewalls [
] Michael Richardson, Xelerance Corporation, Ottawa, ON |net architect[
] mcr at xelerance.com http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Finger me for keys
iQEVAwUBR1h3s4CLcPvd0N1lAQK0GAf7B/70whf+Ln5jqba8b9dwm2Kx52LjVyQl
EExMymC8mQpSe86PkkIQIl5sedVJvkmdQIhj6mIZGX3pAs0RGPPyELfmouAoCGyW
MqySC0r7sG/mMuyDI3g+s6g33zhyc4TK4Uvv0fFxwnJnDag3cDZp9rbFvszfalY4
GF0CSV9Xe2+rbpumi92LEG1PoHzeYXxRqvoDMpqNqS05l6MCsP6D/GxZS1Ii5xev
JiPEsHKOYNTrm4ot1k+f0BnDA66WwQahlxovl5Mb36TNjosxsQcJkYb9xivkiTw0
82PwbFrvpG9/fFA1ESzr5q1Hg6itUiKli8/WJM6wdNxnJV3431zNGw==
=iT4x
-----END PGP SIGNATURE-----
More information about the Dev
mailing list