[Openswan Users] Too many tunnels problem????

Paul Wouters paul at xelerance.com
Wed Apr 5 22:08:31 CEST 2006


On Wed, 5 Apr 2006, Joost Kraaijeveld wrote:

> I am running Linux Debian Sarge i386 Openswan U2.2.0/K2.6.8-1-386 (native) as an IPSec VPN concentrator on an Intel Pentium 4 CPU 1.50GHz, 128MB memory, with 105 tunnels.

> After adding an additional tunnel I am experiencing tunnel breakdowns: tunnels that suddenly go down and don't come up again. I cannot find any warnings or errors in auth.log on the VPN concentrator side.

There are known issues with openswan 2.2.0 as well as netkey on 2.6.8 kernels.
I suggest upgrading both.
If that does not help, you can try klips instead of netkey.
Or perhaps be more specific about the errors you are seeing?

> 1. Is there anything I can do about the logging so that I might get more info?

There are no kernel-level logs with netkey. klips has an extensive debug
mechanism. Userland can produce more logs using "plutodebug=", but with
106 tunnels, adding more debug might just cause more problems due to logging
speeds to disk.

> 2. Is there a limit on how many tunnels I can handle, given the hard- and software?

There is a limit, but unless you run in 64MB, I doubt you're hitting it.

> 4. Any other suggestions?

More info? Upgrade to later versions? Try klips?

Paul

