[Openswan Users] Openswan 2.X stability problem...

Laurent LAVAUD l.lavaud at auranext.com
Wed Jan 4 17:24:14 CET 2006 

I notice some stability problem when i use openswan 2.X on a 2.4 or 2.6
kernel, pluto die in a unexpected way without any error message...

 

So I decided to write a little stress script, which insert 10 tunnel and
remove it and loop again.

 

In this configuration:

Openswan 1.0.10, kernel 2.4.32, the script runs with no problem for
several minutes

 

With this configuration:

Openswan 2.4.4 (or 2.3.1, 2.4.5rc1), kernel 2.4.32 (or 2.6.11, 12, 13,
14), pluto die after 1 or 2 minute...

 

Here the script:

(path to ipsec tools are renamed to /usr/local/libexec/ipsec/ for
openswan 2.X version)

 

#!/usr/bin/perl

 

use strict;

 

use Time::HiRes qw/usleep/;

 

my $nbr = 10;

my $int = 300000;

 

system('killall pluto > /dev/null 2>&1');

system('rm /var/run/pluto/pluto.pid > /dev/null 2>&1');

system('/usr/local/sbin/ipsec pluto --uniqueids --nat_traversal >
/dev/null 2>&1');

 

system('ifconfig eth0 0 down');

system('ifconfig ipsec0 0 down');

system('ifconfig eth0 1.1.1.1 netmask 255.255.255.240 up');

system('/usr/local/lib/ipsec/tncfg --attach --virtual ipsec0 --physical
eth0');

system('/sbin/ifconfig ipsec0 inet 1.1.1.1 netmask 255.255.255.240 mtu
16260 up');

 

while() {

   foreach my $i (1..$nbr) {

      system("/usr/local/lib/ipsec/whack --name test_$i --host 1.1.1.1
--client 1.1.1.1/32 --nexthop 1.1.1.254 --updown
/usr/sbin/fg-vpn-updown.pl --to --host 2.2.2.2 --client 2.2.2.2/32
--ikelifetime 3600 --ipseclifetime 28800 --rekeymargin 540 --rekeyfuzz
100 --keyingtries 0 --dpddelay 30 --dpdtimeout 120 --dpdaction clear
--esp 3des-md5! --ike 3des-md5-modp1024! --psk --encrypt --tunnel
--delete --pfs --pfsgroup modp1024");

      system('/usr/local/lib/ipsec/whack --listen');

      system("/usr/local/lib/ipsec/whack --name test_$i --initiate
--asynchronous");

   }

 

   foreach my $i (1..$nbr) {

      system("/usr/local/lib/ipsec/whack --name test_$i --delete");

   }

 

   usleep($int);

}

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20060104/ad057f9e/attachment.htm

More information about the Users mailing list