[Openswan Users] Loss problems with OpenSwan

Nick Howitt nick at howitts.co.uk
Wed Apr 9 04:37:13 EDT 2014


 

Rather than your "subnets" setup, have you considered doing a more usual
simple left/rightsubnet and adding a left/rightsourceip (probably
10.22.1.1 and 10.122.3.2)? Then remove the HOST1 assignment to lo:0?

Nick 

On 2014-04-09 09:15, Cristian Petrescu wrote: 

> Dear Users,
> I've been using OpenSwan on CentOS 6.4 (2.6.32-358.2.1.el6.x86_64) for some time. It works well, but from time to time we start experiencing around 2-3% loss on the connection. If we restart both openswan ends the loss goes away; I wasn't able to determine when and why the loss occurs. I've checked /var/log/secure and there isn't anything happening out of the ordinary. I've had problems in the past with ksoftirqd reaching 100%, but after setting /proc/sys/net/ipv4/xfrm4_gc_thresh to 100 and installing irqbalance that ksoftirqd problem was solved. Please help me solve this issue; below is the configuration:
> 
> HOST2:
> # /etc/ipsec.conf - Openswan IPsec configuration file
> #
> # Manual: ipsec.conf.5
> #
> # Please place your own config files in /etc/ipsec.d/ ending in .conf
> 
> version 2.0 # conforms to second version of ipsec.conf specification
> 
> # basic configuration
> config setup
>     protostack=netkey
>     virtual_private=%v4:10.122.0.0/16
>     oe=off
>     nhelpers=0
> 
> conn host1host2
>     dpdaction=restart_by_peer
>     dpdtimeout=60
>     dpddelay=10
>     left=<host2 public ip>
>     leftsubnets={10.122.1.1/32,<host2 public ip>/32}
>     leftid=@host2
>     leftnexthop=%defaultroute
>     right=<host1 public ip>
>     rightsubnets={10.122.3.0/24,<host1 public ip>/32}
>     rightid=@host1
>     rightnexthop=%defaultroute
>     auto=start
>     authby=secret
>     type=tunnel
> 
> On HOST2, 10.122.1.1 is assigned to lo:0
> On HOST1, 10.122.3.2 is assigned to a network interface that is the gateway for the equipment in that network in order to reach 10.122.1.1
> HOST2 and HOST1 have the same ipsec.conf configuration.
> 
> Best regards,
> Cristi
> 
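The single-subnet form suggested in the reply, written out as an added example (not configuration posted by either participant). It assumes the reply's sourceip addresses correspond to the tunnel-side addresses in the quoted configuration (10.122.1.1 on HOST2, 10.122.3.2 on HOST1); the <... public ip> placeholders are kept from the original post.

```conf
# Added illustration, not the poster's configuration.
# Assumption: sourceip values are the tunnel-side addresses named in the
# thread (10.122.1.1 on HOST2, 10.122.3.2 on HOST1).
#
# Before (as posted): with leftsubnets= and rightsubnets= both set, Openswan
# instantiates every left x right combination, here 2 x 2 = 4 tunnels:
#   leftsubnets={10.122.1.1/32,<host2 public ip>/32}
#   rightsubnets={10.122.3.0/24,<host1 public ip>/32}
#
# After: one subnet per side, so a single tunnel. Each host uses only its own
# side's sourceip as the source address for traffic it originates into the
# tunnel; the address must fall inside that side's subnet.
# Caveat: the <public ip>/32 selectors are gone, so traffic between the two
# public addresses themselves is no longer carried inside the tunnel.

conn host1host2
    left=<host2 public ip>
    leftid=@host2
    leftnexthop=%defaultroute
    leftsubnet=10.122.1.1/32
    leftsourceip=10.122.1.1
    right=<host1 public ip>
    rightid=@host1
    rightnexthop=%defaultroute
    rightsubnet=10.122.3.0/24
    rightsourceip=10.122.3.2
    authby=secret
    type=tunnel
    auto=start
    dpddelay=10
    dpdtimeout=60
    dpdaction=restart_by_peer
```

After restarting Openswan on both ends, `ip xfrm policy` on either host lists the selectors that were actually installed, which makes it easy to confirm that only the one subnet pair remains.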