[Openswan Users] Limit number in phase 2

Paul Wouters paul at xelerance.com
Mon Sep 26 13:36:32 EDT 2011


On Mon, 26 Sep 2011, SCHNEIDER Benoit wrote:

> Actually in my office we have many VPNs up; the typical one is: server -> modem
> (the VPN is directly mounted on the modem), and on some sites, sometimes we
> can see many phase 2s (near 200 and more).
> This looks to appear when the site was down for a long time (sometimes a few days
> to a few months); the first time the server sees the site again, it looks
> to bring up many phase 2s. During this time the CPU usage of our server could be
> at 100%, used by pluto. And during this time we can't bring up another VPN, so we
> kill and restart it (I know it's bad but ...)
> 
> Is there a way to limit this? To explicitly say that we don't want more
> than 2-3 phase 2s up on a link?

If your CPU is 100% this means one of two things:
- Your CPU isn't powerful enough for the crypto you're throwing at it
   (sometimes caused by excessive logging using plutodebug=all)
- Pluto went into some weird kind of infinite loop.

The second one is unlikely but not impossible. If this is a full-fledged
system, you can try using strace to see what pluto is doing.

Paul

