[Openswan Users] Openswan 2.X stability problem...
Laurent LAVAUD
l.lavaud at auranext.com
Wed Jan 4 17:24:14 CET 2006
I notice some stability problem when i use openswan 2.X on a 2.4 or 2.6
kernel, pluto die in a unexpected way without any error message...
So I decided to write a little stress script, which insert 10 tunnel and
remove it and loop again.
In this configuration:
Openswan 1.0.10, kernel 2.4.32, the script runs with no problem for
several minutes
With this configuration:
Openswan 2.4.4 (or 2.3.1, 2.4.5rc1), kernel 2.4.32 (or 2.6.11, 12, 13,
14), pluto die after 1 or 2 minute...
Here the script:
(path to ipsec tools are renamed to /usr/local/libexec/ipsec/ for
openswan 2.X version)
#!/usr/bin/perl
use strict;
use Time::HiRes qw/usleep/;
my $nbr = 10;
my $int = 300000;
system('killall pluto > /dev/null 2>&1');
system('rm /var/run/pluto/pluto.pid > /dev/null 2>&1');
system('/usr/local/sbin/ipsec pluto --uniqueids --nat_traversal >
/dev/null 2>&1');
system('ifconfig eth0 0 down');
system('ifconfig ipsec0 0 down');
system('ifconfig eth0 1.1.1.1 netmask 255.255.255.240 up');
system('/usr/local/lib/ipsec/tncfg --attach --virtual ipsec0 --physical
eth0');
system('/sbin/ifconfig ipsec0 inet 1.1.1.1 netmask 255.255.255.240 mtu
16260 up');
while() {
foreach my $i (1..$nbr) {
system("/usr/local/lib/ipsec/whack --name test_$i --host 1.1.1.1
--client 1.1.1.1/32 --nexthop 1.1.1.254 --updown
/usr/sbin/fg-vpn-updown.pl --to --host 2.2.2.2 --client 2.2.2.2/32
--ikelifetime 3600 --ipseclifetime 28800 --rekeymargin 540 --rekeyfuzz
100 --keyingtries 0 --dpddelay 30 --dpdtimeout 120 --dpdaction clear
--esp 3des-md5! --ike 3des-md5-modp1024! --psk --encrypt --tunnel
--delete --pfs --pfsgroup modp1024");
system('/usr/local/lib/ipsec/whack --listen');
system("/usr/local/lib/ipsec/whack --name test_$i --initiate
--asynchronous");
}
foreach my $i (1..$nbr) {
system("/usr/local/lib/ipsec/whack --name test_$i --delete");
}
usleep($int);
}
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20060104/ad057f9e/attachment.htm
More information about the Users
mailing list