[Openswan dev] OpenSwan 2.6.10-1 on OpenWrt 7.09 consistently hangs on large HTTP file transfer

starlight at binnacle.cx starlight at binnacle.cx
Thu Dec 6 18:19:12 EST 2007

>What is supposed to happen, which isn't, is that you are suppose to
>start the rekey around 2M bytes (or 2M packets), so that you've
>completed it by 4M bytes (or 4M packets).

If you're talking billions instead of millions, I should
think it would be no trouble for the rekey to complete
before 4G is hit, even on an Internet2 superfast link.

>Likely, it does hit 4M, and the SA gets killed, just that
>you can't catch it at that point.

It's pretty clear in the 'ipsec spi' log you had me run, and 
that I forwarded to you and the group. T he byte count is close 
to five billion when the rekey happens.


I don't know about the SA getting killed, but whatever happens 
it stops working.  Clearly some corrupt packets are sent as is 
evidenced by the log message

   router kernel: eth0.1: unable to resolve type 3800 addresses.

Which indicates that garbage is appearing in the protocol bytes
of the Ethernet MAC header.

More information about the Dev mailing list