[Openswan dev] OpenSwan 2.6.10-1 on OpenWrt 7.09 consistently hangs on large HTTP file transfer

starlight at binnacle.cx starlight at binnacle.cx
Thu Dec 6 18:00:06 EST 2007


>The work around is that you need to rekey more often.
>(keylife= setting)

Yes, of course.  I'm 1/3rd into a test with keylife=7200
and it seems to be working fine.  It's rekeyed several times
successfully.  I'll know for sure once the entire 13GB file
is transferred and will send an update to the list.

>
>What is supposed to happen, which isn't, is that you are suppose to
>start the rekey around 2M bytes (or 2M packets), so that you've
>completed it by 4M bytes (or 4M packets).   Likely, it does hit 4M, and
>the SA gets killed, just that you can't catch it at that point.

Two million or two billion?  I should think you mean billion. So 
it's definitely a "bad thing" to rekey with byte count or packet 
count that exceeds 32 bits?  I was going to call it a bug after 
confirming that it works with the shorter keylife=, but from 
what you say it seems there is no question that this indeed
is a bug.

I haven't been able to get a working bug tracker ID.  Says I'm 
suspended or something (login is 'binnacle'). Could you enter 
the bug report or free up my ID so I can?  Please send the bug 
ID link if you enter it.

BTW I found that OpenWRT Kamikaze was getting into a state where 
the 'iptables' connection forwarding stopped working.  This was 
causing some of the problem I experienced (resolving multiple bugs 
simultaneously is such fun).  So I've gone back to the White 
Russian router running OpenSWAN 2.4.9-7.  Seems to be working 
ok.  Could releases be made available for White Russian 
for awhile longer since Kamikaze is clearly not ready for 
production?



More information about the Dev mailing list