[Openswan Users] Another query: dropped packets and general VPN problems

Neal Murphy neal.p.murphy at alum.wpi.edu
Fri Dec 17 20:21:29 EST 2010


Another VPN problem I was trying to debug. Gentleman has two Smoothwalls, one 
for his family and one where he currently works/lives. Cox and Comcast cable 
at either end.

Both ends are running OS 2.4.15 on Linux 2.6.16.60, using KLIPS. The VPNs come 
up OK and traffic passes. One end shows no problems at all, or if there are 
any, they are negligible.

The other end, however, has a huge problem. It slowly eats RAM; seems 
something likes munching 2KB SLABs. It shows huge numbers of dropped IPSEC 
packets, inbound and outbound. He changed out all of his hardware at that 
end, including changing the DOCSIS 3 cable modem for a DOCSIS 2 CM.

In desperation, he finally switched to OpenVPN, which has been working 
perfectly.

I could find no reason for the packet lossage or memory leak. This is the 
first time I've heard of such a problem.

So a couple questions. (1) Might we have been looking at the wrong end? That 
is, could the problems be originating at the other end? (2) Is it possible 
that either ISP is mangling or otherwise touching the IPSEC packets in 
transit? (Hmmm. Synchronize both clocks, and tcpdump ipsec0 at both ends, 
then compare the two logs. That oughta show if the packets are being 
changed.) (3) The memory loss: could it be that 2.4.15 is not properly 
freeing the buffers when it drops 'tainted' packets?

Thanks,
Neal
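
The capture comparison proposed in question (2), as an added example that is not part of the original post. It assumes the packets from each end's tcpdump capture have already been extracted as raw IPv4 bytes; the function names and sample packets are hypothetical and constructed for illustration.

```python
import hashlib
import struct

def fingerprint(pkt: bytes):
    """Return (flow key, digest) for one raw IPv4 packet."""
    ihl = (pkt[0] & 0x0F) * 4
    total_len, ip_id = struct.unpack("!HH", pkt[2:6])
    # Key: src, dst, protocol, IP ID. IP IDs wrap at 65536, so compare
    # short capture windows to avoid two packets sharing one key.
    key = (pkt[12:16], pkt[16:20], pkt[9], ip_id)
    # Zero TTL (byte 8) and header checksum (bytes 10-11) before hashing:
    # forwarding legitimately changes both, so they are not evidence of tampering.
    hdr = bytearray(pkt[:ihl])
    hdr[8] = 0
    hdr[10:12] = b"\x00\x00"
    return key, hashlib.sha256(bytes(hdr) + pkt[ihl:total_len]).hexdigest()

def compare(sent, received):
    """Return (lost, altered) lists of IP IDs, in the order they were sent."""
    tx = dict(fingerprint(p) for p in sent)
    rx = dict(fingerprint(p) for p in received)
    lost = [k[3] for k in tx if k not in rx]
    altered = [k[3] for k in tx if k in rx and tx[k] != rx[k]]
    return lost, altered

def make_packet(ip_id, payload, ttl=64):
    """Constructed sample: 20-byte IPv4/UDP header (checksum left 0) plus payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), ip_id, 0,
                      ttl, 17, 0, bytes([192, 168, 1, 10]), bytes([192, 168, 2, 20]))
    return hdr + payload

# Constructed captures: packet 2 never arrives, packet 3 arrives modified,
# and every received packet has had its TTL decremented in transit.
SENT = [make_packet(1, b"alpha"), make_packet(2, b"bravo"), make_packet(3, b"charlie")]
RECEIVED = [make_packet(1, b"alpha", ttl=63), make_packet(3, b"charLie", ttl=63)]

if __name__ == "__main__":
    lost, altered = compare(SENT, RECEIVED)
    print("lost in transit:", lost)
    print("altered in transit:", altered)
```

Running the comparison in both directions separates packets dropped on the path from packets that arrive with changed contents.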

