[Openswan Users] Is this right? VPN blocks fully on just one stocks hang/block?
Paul Wouters
paul at xelerance.com
Sat Nov 25 11:27:12 EST 2006
On Sat, 25 Nov 2006, ted leslie wrote:
> I have a ipsec tunnel up,
> and i have used this tunnel problem free for ages,
> but i just started using an application that hangs on a socket traffic
> request,
> its doing a DB call to a postgres DB over the VPN, and the DB is slow,
> so the socket call on 5432 hangs for even 40 seconds, then it times out,
>
> when this happens, i can NOT do a ssh over the same tunnel to a
> different IP on the other side,
> it will stay this way until the socket is taken down (i.e. i see it
> clear in netstat -n),
> then i can ssh again, and vpn is back to normal,
This sounds more like mtu issues or congestion. Try changing the mtu
or clamping it. See one of the recent answers in the archive I gave
on clamping.
> so its as if, the VPN serializes all traffic and waits for it all to
> complete, that seems weird?
It does not keep any such state, so it cannot do that.
Paul
--
Building and integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
More information about the Users
mailing list