[Openswan Users] Limit number in phase2

Benoit Schneider ton.ami.totoro at gmail.com
Mon Sep 26 15:08:46 EDT 2011


On Monday 26 September 2011 19:36:32, Paul Wouters wrote:
> On Mon, 26 Sep 2011, SCHNEIDER Benoit wrote:
> > Actually in my office we have many VPNs up; the typical one is: server -> modem
> > (the VPN is directly mounted on the modem), and on some sites, sometimes we
> > can see many phase 2s (nearly 200 and more).
> > This looks to appear when the site was down many times (sometimes a few days
> > to a few months); the first time the server sees the site again, it looks
> > to bring up many phase 2s. During this time the CPU usage of our server could be
> > at 100%, used by pluto. And during this time we can't bring up another VPN, so we
> > kill and restart it (I know it's bad but ...)
> > 
> > Is there a way to limit this? To explicitly say that we don't want more
> > than 2-3 phase 2s up on a link?
> 
> If your CPU is 100% this means one of two things:
> - Your CPU isn't powerful enough for the crypto you're throwing at it
>    (sometimes caused by excessive logging using plutodebug=all)
> - Pluto went into some weird kind of infinite loop.
> 
> The second one is unlikely but not impossible. If this is a full fledged
> system, you can try using strace to see what pluto is doing.
> 
> Paul

Thanks for your answer.
But usually the CPU usage is under 1-2%. It's just when pluto tries to bring up some VPNs again (and afterwards we find many phase 2s on those sites); it's not all the time.
I will check tomorrow for the plutodebug=all.
But is there no way to limit the number of phase 2s on a site?

Regards

Benoit Schneider
