[Openswan Users] Openswan 2.X stability problem...

Laurent LAVAUD l.lavaud at auranext.com
Wed Jan 4 17:24:14 CET 2006

I notice some stability problem when i use openswan 2.X on a 2.4 or 2.6
kernel, pluto die in a unexpected way without any error message...


So I decided to write a little stress script, which insert 10 tunnel and
remove it and loop again.


In this configuration:

Openswan 1.0.10, kernel 2.4.32, the script runs with no problem for
several minutes


With this configuration:

Openswan 2.4.4 (or 2.3.1, 2.4.5rc1), kernel 2.4.32 (or 2.6.11, 12, 13,
14), pluto die after 1 or 2 minute...


Here the script:

(path to ipsec tools are renamed to /usr/local/libexec/ipsec/ for
openswan 2.X version)




use strict;


use Time::HiRes qw/usleep/;


my $nbr = 10;

my $int = 300000;


system('killall pluto > /dev/null 2>&1');

system('rm /var/run/pluto/pluto.pid > /dev/null 2>&1');

system('/usr/local/sbin/ipsec pluto --uniqueids --nat_traversal >
/dev/null 2>&1');


system('ifconfig eth0 0 down');

system('ifconfig ipsec0 0 down');

system('ifconfig eth0 netmask up');

system('/usr/local/lib/ipsec/tncfg --attach --virtual ipsec0 --physical

system('/sbin/ifconfig ipsec0 inet netmask mtu
16260 up');


while() {

   foreach my $i (1..$nbr) {

      system("/usr/local/lib/ipsec/whack --name test_$i --host
--client --nexthop --updown
/usr/sbin/fg-vpn-updown.pl --to --host --client
--ikelifetime 3600 --ipseclifetime 28800 --rekeymargin 540 --rekeyfuzz
100 --keyingtries 0 --dpddelay 30 --dpdtimeout 120 --dpdaction clear
--esp 3des-md5! --ike 3des-md5-modp1024! --psk --encrypt --tunnel
--delete --pfs --pfsgroup modp1024");

      system('/usr/local/lib/ipsec/whack --listen');

      system("/usr/local/lib/ipsec/whack --name test_$i --initiate



   foreach my $i (1..$nbr) {

      system("/usr/local/lib/ipsec/whack --name test_$i --delete");





-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20060104/ad057f9e/attachment.htm

More information about the Users mailing list