[Openswan Users] Why Xl2tpd may become unresponsive?

[isidro gonzalez cuxiart]

Dear friends,
I have a Linux server running Centosd OS: 5.4 and kernel 2.6.18-128.el5xe the following  VPN setup:openswan 2.6.14xl2tpd 1.2.4ppp 2.2.4freeradius 1.1.3mysql 5.0.45
I've set idle=1800 on the server /etc/ppp/options.xl2tpd so every 30minutes the VPN server does terminated the connections if client has been idle, 
I've compiled the xl2tpd with -DTRUST_PPP_TO_DIE, because I need that pppd cleans up when terminated. (i.e. calls my ppp-down.local scripts.
So far the vpn clients can  connect, access the services in the VPN and reconnect if the Server terminates theirs connection due to client inactivity. I've run the xl2tpd with the -D option and verfied that  xl2tpd sends SIGTERM to pppd and PPP exits indeed. 
After few hours(some time it takes days) VPN clients cannot connect anymore. On the server side the log does not show any activities from xl2tpd. Whenever it happens I' ve noted that pppd process started by the xl2tpd daemon is in defunct state, so I need to restart the xl2tpd service in the linux server to make it work again leading ofcourse to the termination of the pppd zombie process.  
Sytem resources utilization (run top and free) stay low.  
The xl2tpd documentation(readme included in the tarball) says that if pppd does not exit with the SIGTERM then xl2tpd will hang, but this is apparently not the case as I mentioned I've verified that pppd exits with SIGTERM.
My question are what else could cause the xl2tpd to hang? How may I continue debuging this behaviour ?



      
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20100413/b451bf76/attachment.html