[Openswan Users] Limit number in phase2
SCHNEIDER Benoit
ton.ami.totoro at gmail.com
Tue Oct 4 05:59:05 EDT 2011
Hi,
I'm coming back to the problem; it happened again yesterday.
Our hardware configuration is:
Intel(R) Core(TM)2 Duo CPU E6750 @ 2.66GHz with 2G DDR2 ram
In my log, just when the CPU usage increases, I found this:
Oct 3 15:05:42 srv-vpn1 pluto[19667]: "vpn-name1" #180426: max number of
retransmissions (2) reached STATE_QUICK_I1
Oct 3 15:05:42 srv-vpn1 pluto[19667]: "vpn-name1" #180426: starting keying
attempt 8 of an unlimited number
Oct 3 15:05:42 srv-vpn1 pluto[19667]: "vpn-name1" #191712: initiating Quick
Mode PSK+ENCRYPT+TUNNEL+IKEv2ALLOW to replace #180426 {using isakmp#101770
msgid:b199c684 proposal=NULL(11)_000-MD5(1)_128 pfsgroup=no-pfs}
Oct 3 15:05:42 srv-vpn1 pluto[19667]: "vpn-name1" #180425: max number of
retransmissions (2) reached STATE_QUICK_I1
Oct 3 15:05:42 srv-vpn1 pluto[19667]: "vpn-name1" #180425: starting keying
attempt 8 of an unlimited number
Oct 3 15:05:42 srv-vpn1 pluto[19667]: "vpn-name1" #191713: initiating Quick
Mode PSK+ENCRYPT+TUNNEL+IKEv2ALLOW to replace #180425 {using isakmp#101770
msgid:fde37812 proposal=NULL(11)_000-MD5(1)_128 pfsgroup=no-pfs}
Oct 3 15:05:42 srv-vpn1 pluto[19667]: "vpn-name1" #180424: max number of
retransmissions (2) reached STATE_QUICK_I1
Oct 3 15:05:42 srv-vpn1 pluto[19667]: "vpn-name1" #180424: starting keying
attempt 8 of an unlimited number
Oct 3 15:05:42 srv-vpn1 pluto[19667]: "vpn-name1" #191714: initiating Quick
Mode PSK+ENCRYPT+TUNNEL+IKEv2ALLOW to replace #180424 {using isakmp#101770
msgid:fdf0da3c proposal=NULL(11)_000-MD5(1)_128 pfsgroup=no-pfs}
Oct 3 15:05:42 srv-vpn1 pluto[19667]: "vpn-name1" #180423: max number of
retransmissions (2) reached STATE_QUICK_I1
Oct 3 15:05:42 srv-vpn1 pluto[19667]: "vpn-name1" #180423: starting keying
attempt 8 of an unlimited number
Oct 3 15:05:42 srv-vpn1 pluto[19667]: "vpn-name1" #191715: initiating Quick
Mode PSK+ENCRYPT+TUNNEL+IKEv2ALLOW to replace #180423 {using isakmp#101770
msgid:53dd5572 proposal=NULL(11)_000-MD5(1)_128 pfsgroup=no-pfs}
Oct 3 15:05:42 srv-vpn1 pluto[19667]: "vpn-name1" #180422: max number of
retransmissions (2) reached STATE_QUICK_I1
Oct 3 15:05:42 srv-vpn1 pluto[19667]: "vpn-name1" #180422: starting keying
attempt 8 of an unlimited number
Oct 3 15:05:42 srv-vpn1 pluto[19667]: "vpn-name1" #191716: initiating Quick
Mode PSK+ENCRYPT+TUNNEL+IKEv2ALLOW to replace #180422 {using isakmp#101770
msgid:dd20a66a proposal=NULL(11)_000-MD5(1)_128 pfsgroup=no-pfs}
Oct 3 15:05:42 srv-vpn1 pluto[19667]: "vpn-name1" #180421: max number of
retransmissions (2) reached STATE_QUICK_I1
Oct 3 15:05:42 srv-vpn1 pluto[19667]: "vpn-name1" #180421: starting keying
attempt 8 of an unlimited number
Oct 3 15:05:42 srv-vpn1 pluto[19667]: "vpn-name1" #191717: initiating Quick
Mode PSK+ENCRYPT+TUNNEL+IKEv2ALLOW to replace #180421 {using isakmp#101770
msgid:32c81d69 proposal=NULL(11)_000-MD5(1)_128 pfsgroup=no-pfs}
Oct 3 15:05:42 srv-vpn1 pluto[19667]: "vpn-name1" #180420: max number of
retransmissions (2) reached STATE_QUICK_I1
Oct 3 15:05:42 srv-vpn1 pluto[19667]: "vpn-name1" #180420: starting keying
attempt 8 of an unlimited number
Oct 3 15:05:42 srv-vpn1 pluto[19667]: "vpn-name1" #191718: initiating Quick
Mode PSK+ENCRYPT+TUNNEL+IKEv2ALLOW to replace #180420 {using isakmp#101770
msgid:9ef0e853 proposal=NULL(11)_000-MD5(1)_128 pfsgroup=no-pfs}
Oct 3 15:05:42 srv-vpn1 pluto[19667]: "vpn-name1" #180419: max number of
retransmissions (2) reached STATE_QUICK_I1
Oct 3 15:05:42 srv-vpn1 pluto[19667]: "vpn-name1" #180419: starting keying
attempt 8 of an unlimited number
Oct 3 15:05:42 srv-vpn1 pluto[19667]: "vpn-name1" #191719: initiating Quick
Mode PSK+ENCRYPT+TUNNEL+IKEv2ALLOW to replace #180419 {using isakmp#101770
msgid:81d732ea proposal=NULL(11)_000-MD5(1)_128 pfsgroup=no-pfs}
Oct 3 15:05:42 srv-vpn1 pluto[19667]: "vpn-name1" #180498: max number of
retransmissions (2) reached STATE_QUICK_I1
Oct 3 15:05:42 srv-vpn1 pluto[19667]: "vpn-name1" #180498: starting keying
attempt 8 of an unlimited number
Oct 3 15:05:42 srv-vpn1 pluto[19667]: "vpn-name1" #191641: initiating Quick
Mode PSK+ENCRYPT+TUNNEL+IKEv2ALLOW to replace #180498 {using isakmp#101770
msgid:a6efd1fc proposal=NULL(11)_000-MD5(1)_128 pfsgroup=no-pfs}
Oct 3 15:05:42 srv-vpn1 pluto[19667]: ERROR: "vpn-name1" #191641:
recvmsg(,, MSG_ERRQUEUE) on eth1:0 failed in comm_handle. Errno 11: Resource
temporarily unavailable
Oct 3 15:05:42 srv-vpn1 pluto[19667]: ERROR: "vpn-name1" #191641: sendto on
eth1:0 to 172.17.0.137:500 failed in quick_outI1. Errno 111: Connection
refused
.....
Oct 3 15:05:43 srv-vpn1 pluto[19667]: "vpn-name2" #180593: max number of
retransmissions (2) reached STATE_MAIN_R1
Oct 3 15:05:43 srv-vpn1 pluto[19667]: "vpn-name3" #180590: max number of
retransmissions (2) reached STATE_MAIN_R1
Oct 3 15:05:43 srv-vpn1 pluto[19667]: "vpn-name4" #180588: max number of
retransmissions (2) reached STATE_MAIN_R1
Oct 3 15:05:43 srv-vpn1 pluto[19667]: "vpn-name5" #180587: max number of
retransmissions (2) reached STATE_MAIN_R1
Oct 3 15:05:43 srv-vpn1 pluto[19667]: "vpn-name6" #180586: max number of
retransmissions (2) reached STATE_MAIN_R1
Oct 3 15:05:43 srv-vpn1 pluto[19667]: "vpn-name6" #180585: max number of
retransmissions (2) reached STATE_MAIN_R1
Oct 3 15:05:43 srv-vpn1 pluto[19667]: "vpn-name7" #180584: max number of
retransmissions (2) reached STATE_MAIN_R1
Oct 3 15:05:43 srv-vpn1 pluto[19667]: "vpn-name8" #180582: max number of
retransmissions (2) reached STATE_MAIN_R1
Oct 3 15:05:43 srv-vpn1 pluto[19667]: "vpn-name9" #180581: max number of
retransmissions (2) reached STATE_MAIN_R1
Oct 3 15:05:43 srv-vpn1 pluto[19667]: "vpn-name4" #180580: max number of
retransmissions (2) reached STATE_MAIN_R1
Oct 3 15:05:43 srv-vpn1 pluto[19667]: "vpn-name10" #180579: max number of
retransmissions (2) reached STATE_MAIN_R1
Oct 3 15:05:43 srv-vpn1 pluto[19667]: "vpn-name2" #180578: max number of
retransmissions (2) reached STATE_MAIN_R1
Oct 3 15:05:43 srv-vpn1 pluto[19667]: "vpn-name4" #180577: max number of
retransmissions (2) reached STATE_MAIN_R1
Oct 3 15:05:43 srv-vpn1 pluto[19667]: "vpn-name5" #180575: max number of
retransmissions (2) reached STATE_MAIN_R1
Oct 3 15:05:43 srv-vpn1 pluto[19667]: "vpn-name11" #180574: max number of
retransmissions (2) reached STATE_MAIN_R1
Oct 3 15:05:43 srv-vpn1 pluto[19667]: "vpn-name12" #180573: max number of
retransmissions (2) reached STATE_MAIN_R1
Oct 3 15:05:43 srv-vpn1 pluto[19667]: "vpn-name2" #180572: max number of
retransmissions (2) reached STATE_MAIN_R1
Oct 3 15:05:43 srv-vpn1 pluto[19667]: "vpn-name13" #180571: max number of
retransmissions (2) reached STATE_MAIN_R1
Oct 3 15:05:43 srv-vpn1 pluto[19667]: "vpn-name7" #180570: max number of
retransmissions (2) reached STATE_MAIN_R1
Oct 3 15:05:43 srv-vpn1 pluto[19667]: "vpn-name14" #180569: max number of
retransmissions (2) reached STATE_MAIN_R1
Oct 3 15:05:43 srv-vpn1 pluto[19667]: "vpn-name8" #180568: max number of
retransmissions (2) reached STATE_MAIN_R1
Oct 3 15:05:43 srv-vpn1 pluto[19667]: "vpn-name9" #180567: max number of
retransmissions (2) reached STATE_MAIN_R1
Oct 3 15:05:43 srv-vpn1 pluto[19667]: "vpn-name2" #180566: max number of
retransmissions (2) reached STATE_MAIN_R1
Oct 3 15:05:43 srv-vpn1 pluto[19667]: "vpn-name5" #180565: max number of
retransmissions (2) reached STATE_MAIN_R1
Oct 3 15:05:43 srv-vpn1 pluto[19667]: "vpn-name10" #180563: max number of
retransmissions (2) reached STATE_MAIN_R1
Oct 3 15:05:43 srv-vpn1 pluto[19667]: "vpn-name5" #180562: max number of
retransmissions (2) reached STATE_MAIN_R1
Oct 3 15:05:43 srv-vpn1 pluto[19667]: "vpn-name7" #180561: max number of
retransmissions (2) reached STATE_MAIN_R1
Oct 3 15:05:43 srv-vpn1 pluto[19667]: "vpn-name8" #180559: max number of
retransmissions (2) reached STATE_MAIN_R1
The vpn-name1 log appeared thousands of times in about one second.
After the "max number of retransmissions" series, it looks to be
quieter.
The conf file:
conn vpn-name1
    auth=esp
    ike=aes128-md5-modp1024
    authby=secret
    auto=route
    compress=no
    pfs=no
    type=tunnel
    keylife=24h
    esp=null-md5
    left=XXX.XXX.XXX.XXX
    leftid=XXX.XXX.XXX.XXX
    leftsubnet=YYY.YYY.1.YYY/24
    right=ZZZ.ZZZ.ZZZ.ZZZ
    rightid=ZZZ.ZZZ.ZZZ.ZZZ
    rightsubnet=YYY.YYY.2.YYY/24
Any idea?
Regards
Benoit Schneider
2011/9/27 SCHNEIDER Benoit <ton.ami.totoro at gmail.com>
> Hi,
>
> We don't use "plutodebug=all".
>
> It really looks like pluto makes a list by trying to bring up a tunnel where the
> site is down, and then when the site is up again, it tries to bring up the whole list.
>
> Regards
>
> Benoit Schneider
>
> 2011/9/26 Paul Wouters <paul at xelerance.com>
>
>> On Mon, 26 Sep 2011, Benoit Schneider wrote:
>>
>>> Thanks for your answer.
>>> But usually the CPU usage is under 1-2%. It's just when pluto tries to bring up
>>> some VPNs again (and afterwards we find many phase2 on those sites); it's not all
>>> the time.
>>> I will check tomorrow for the plutodebug=all.
>>> But is there no way to limit the number of phase2 on a site?
>>>
>>
>> There should only be 1 incomplete phase2 per conn
>>
>> Paul
>>
>
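
Added example, not part of the thread and not Openswan code: a log check for the symptom discussed above, flagging any connection that starts more than one Quick Mode (phase 2) exchange within the same second and counting retransmission give-ups per state. The sample log is constructed, and the `limit=1` default is an assumption taken from the reply that there should only be one incomplete phase2 per conn.

```python
import re
from collections import Counter, defaultdict

# Constructed sample shaped like the pluto lines quoted in the post, with the
# archive's line wrapping. Host, connection names and numbers are made up.
SAMPLE = """\
Oct 3 15:05:42 gw pluto[100]: "conn-a" #11: max number of
retransmissions (2) reached STATE_QUICK_I1
Oct 3 15:05:42 gw pluto[100]: "conn-a" #21: initiating Quick
Mode PSK+ENCRYPT+TUNNEL to replace #11 {using isakmp#5}
Oct 3 15:05:42 gw pluto[100]: "conn-a" #22: initiating Quick
Mode PSK+ENCRYPT+TUNNEL to replace #12 {using isakmp#5}
Oct 3 15:05:43 gw pluto[100]: "conn-b" #31: initiating Quick
Mode PSK+ENCRYPT+TUNNEL {using isakmp#6}
Oct 3 15:05:43 gw pluto[100]: "conn-c" #41: max number of
retransmissions (2) reached STATE_MAIN_R1
"""

STAMP = re.compile(r'^\w{3}\s+\d+ [\d:]{8} ')
RECORD = re.compile(r'^(\w{3}\s+\d+ [\d:]{8}) \S+ pluto\[\d+\]: '
                    r'(?:ERROR: )?"([^"]+)" #(\d+): (.*)$')
TIMEOUT = re.compile(r'max number of retransmissions \(\d+\) reached (STATE_\w+)')

def records(text):
    """Rejoin wrapped lines: a new record begins with a syslog timestamp."""
    out = []
    for line in map(str.strip, text.splitlines()):
        if STAMP.match(line):
            out.append(line)
        elif out and line:
            out[-1] += ' ' + line
    return out

def analyse(text, limit=1):
    """storms: (second, conn) -> Quick Mode states started, if more than limit.
    timeouts: (conn, state name) -> count of retransmission give-ups."""
    started, timeouts = defaultdict(set), Counter()
    for rec in records(text):
        m = RECORD.match(rec)
        if not m:
            continue
        stamp, conn, state, msg = m.groups()
        if msg.startswith('initiating Quick Mode'):
            started[(stamp, conn)].add(int(state))
        t = TIMEOUT.search(msg)
        if t:
            timeouts[(conn, t.group(1))] += 1
    storms = {k: v for k, v in started.items() if len(v) > limit}
    return storms, timeouts
```

Calling `analyse()` on the text of the real pluto log returns the flagged seconds and the per-state timeout counts; STATE_QUICK_I1 entries are phase 2 attempts that got no answer, STATE_MAIN_R1 entries are phase 1 exchanges the peer never continued.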