[Openswan Users] Is this right? VPN blocks fully on just one stocks hang/block?

ted leslie tleslie at tcn.net
Sat Nov 25 00:45:39 EST 2006


I have a ipsec tunnel up,
and i have used this tunnel problem free for ages,
but i just started using an application that hangs on a socket traffic
request,
its doing a DB call to a postgres DB over the VPN, and the DB is slow,
so the socket call on 5432 hangs for even 40 seconds, then it times out,

when this happens, i can NOT do a ssh over the same tunnel to a
different IP on the other side, 
it will stay this way until the socket is taken down (i.e. i see it
clear in netstat -n),
then i can ssh again, and vpn is back to normal,

so its as if, the VPN serializes all traffic and waits for it all to
complete, that seems weird?

that shouldn't be, as in a office environment using openSwan, 
a hung socket by one person, would kill network (vpn) for all,
hmmmm, i don't want to believe it, but I am seeing it with my own eyes!

any thoughts? any one?


-tl



More information about the Users mailing list