[Openswan Users] Another query: dropped packets and general VPN problems

Paul Wouters paul at xelerance.com
Sat Dec 18 13:42:08 EST 2010


On Fri, 17 Dec 2010, Neal Murphy wrote:

> The other end, however, has a huge problem. It slowly eats RAM; seems
> something likes munching 2KB SLABs. It shows huge numbers of dropped IPSEC
> packets, inbound and outbound. He changed out all of his hardware at that
> end, including changing the DOCSIS 3 cable modem for a DOCSIS 2 CM.

You should first check where the memory is lost. Kernel space (KLIPS) or
userland (pluto). If the latter, then upgrade to the latest openswan since
we have fixed memory leaks in the last year.

> So a couple questions. (1) Might we have been looking at the wrong end? That
> is, could the problems be originating at the other end? (2) Is it possible

No matter what the packet loss or other end does, we shouldn't leak memory.

> changed.) (3) The memory loss: could it be that 2.4.15 is not properly
> freeing the buffers when it drops 'tainted' packets?

2.4.x openswan has been EOL'ed a while ago, so please try again with openswan
2.6.x and let us know.

Paul


More information about the Users mailing list