[Openswan dev] OpenSwan 2.6.10-1 on OpenWrt 7.09 consistently hangs on large HTTP file transfer

Fri Dec 7 00:15:48 EST 2007

On Thu, 6 Dec 2007, starlight at binnacle.cx wrote:

> At 07:02 PM 12/6/2007 -0500, Michael Richardson wrote:
> >  Most people rekey sooner based upon time.
>
> Quite a cavalier way to put it.  Most people?  Like whom?  How may
> people do multi-gigabyte file transfers that take a day or more
> and then find it blows up in their face?

All my traffic goes in and out only via IPsec. That's likely multiple
gigabits/day, going out over openwrt. And I never hit this problem.
Perhaps your DSL is faster then mine?

> HAS A BUG!!!
>
> B  U  G
>
> Call it a defect if it makes you happy.

No one is claiming it is not a bug.

> I just spent a week screwing around figuring this out.  It has
> been causing trouble for almost a year.  It surely will affect
> x86 platforms as well as the embedded ones.  Considering how
> hard it is to reproduce and how much trouble it will cause your
> commercial customers when they hit this, the least you can do is
>
> FIX IT!

Let me make this perfecly clear:

- Openswan is based on open source software, and given away for free
- You have paid $0 for a product that other people spend time and money
  to develop for over 8 years.
- Xelerance puts in lots of money and resources to people to give it
  away. If we got $1 for each install, I'd be living on the Bahamas.
- Our resources are limited - we are not .com milionaires. We need to
  earn our living too, so paying customers get preference.
- Look at the CVS and GIT commits. See how many reported bugs we are
  handling - The majority of them unpaid!
- You're free to call our sales office to talk about hiring us to fix
  this specific bug that apparently all the other fortune 500 companies,
  NATO, the US Government, and the millions of AT&T users, Boeing, banks,
  Motorola phones, and hunderds of companies with each thousands of Point
  of Sales terminals, did not run into.

Instead, you're buying a $60 device that's severely limited on resources,
and then become incredibly rude that we don't instantly fix your "huge
problem" for free, despite having been giving a workaround that's trivial
to implement.

Since Openswan's inception in 2003, I've spend at least two days a week
on supporting people, fixing bugs, and developing code. Excuse me if I am
not impressed by your "tremendous" loss of one week of you life. Perhaps
it is you who should, as a tribute for using open source software developed
by other people investing thousands and thousands of hours, get off your ass
and invest another week to fix this one "important" bug as your contribution
to everyone for getting a $1M+ product for free.

> Or do you expect all the users of your software to endure
> the same painful experiences over and over again?  Especially
> the painful experiences that waste days and weeks of their time?

I suggest you just spend $25.000 and buy a Cisco with complimentary engineer.
They might listen to your yelling, but at least they get paid the big bugs
for doing so.

I, on the other hand, feel not at all motivated to help you resolve this
bug right now.

Paul