[Openswan Users] "cannot install eroute" after remote IP change
Michael Smith
msmith at cbnco.com
Fri Mar 4 13:45:17 EST 2011
Paul Wouters wrote:
> I would recommend rekey=no on the static end, and only
> letting the ip changing end initiate.
Yeah, that's what I've got now. Definitely makes the logs easier to
read, at least.
> You also mentioned a memory leak in another email, but I found no
> mention of
> it elsewhere? Do you have more information?
After "cannot install eroute", something is not getting cleaned up in
pluto (not sure what). This is in the inbound QI1 handling, I believe.
The remote end keeps retrying, so eventually pluto grows to consume all RAM.
The terrible hack I applied tiptoes around the leak by allowing
could_route() to "succeed", so the remote end doesn't keep trying, it
just has a broken SA.
Mike
More information about the Users
mailing list