[Openswan Users] Re:2.6.13+Klipsproblems
Andrew Congdon
andrew.congdon at iplatinum.com.au
Thu Nov 24 18:35:45 CET 2005
> > Is your interface being down'ed
> > briefly?
>
> No it's just the ipsec0 connectivity which is being lost. Can still talk
> to the public target address just not through the tunnel.
Well that's wrong! Checked it again and I'm definitely losing connection to
the public address:
64 bytes from XXX.XXX.XXX.XXX: icmp_seq=36 ttl=62 time=506 ms
64 bytes from XXX.XXX.XXX.XXX: icmp_seq=37 ttl=62 time=731 ms
64 bytes from XXX.XXX.XXX.XXX: icmp_seq=38 ttl=62 time=1005 ms
64 bytes from XXX.XXX.XXX.XXX: icmp_seq=59 ttl=62 time=39.0 ms
and that loss corresponds to the message:
klips_error:ipsec_xmit_send: ip_send() failed, err=-1
Now watching more carefully I can get that message and not lose the connection
(hence my original answer).
Either way I don't not lose connectivity with the ISP upstream router, so
I assume the interface is staying up, although the times do blow out:
64 bytes from X.X.X.X: icmp_seq=142 ttl=255 time=599 ms
64 bytes from X.X.X.X: icmp_seq=143 ttl=255 time=906 ms
64 bytes from X.X.X.X: icmp_seq=144 ttl=255 time=1232 ms
64 bytes from X.X.X.X: icmp_seq=145 ttl=255 time=1220 ms
..
64 bytes from X.X.X.X: icmp_seq=184 ttl=255 time=14.8 ms
64 bytes from X.X.X.X: icmp_seq=185 ttl=255 time=14.7 ms
Maybe I should just add a ceiling to the gre interfaces bandwidth
and see if that has any effect?
--
Andrew
More information about the Users
mailing list