[strongSwan] Site-To-Site becomes unreasonable slow within 12h of running
Martin Willi
martin at strongswan.org
Tue Jun 21 15:57:10 CEST 2011
Hi,
> I get 3 Tunnels, all initiated by 'moon', within 2 minutes from first to
> last, and the connection is fine so far. Letting this setup run for some
> time (~12h) the reqid is within the thousands and the connection
> becomes very slow.
> conn moon
>     dpdaction=restart
>     auto=start
> conn sun
>     dpdaction=restart
>     auto=start

Having auto=start on both sides while using dpdaction and the default
uniqueids setting is problematic: Both sides initiate the tunnel, then
the redundant tunnel is closed due to the uniqueids policy. But the DPD
action will implicitly set a "closeaction", which triggers the
recreation of the tunnel.

This most likely results in a tunnel setup and teardown loop, increasing
your reqids and killing your throughput.

If it is an option for you, I'd change to auto=add on one side.
Otherwise you could try the patch at [1], see [2] for more details. The
issue has been fixed for the next release with [3].

Regards
Martin

[1] http://lists.strongswan.org/pipermail/users/attachments/20110601/487ee9ae/attachment.bin
[2] https://lists.strongswan.org/pipermail/users/2011-June/006250.html
[3] http://git.strongswan.org/?p=strongswan.git;a=commitdiff;h=f34ebc84
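
A configuration check for the combination described in the reply above, as an added example that is not part of the original message or of strongSwan. The helper names (parse_ipsec_conf, peer_facts, loop_risk) and the sample configs are constructed; it assumes only dpdaction=restart is of interest (the value in the quoted config) and that a uniqueids policy on either side is enough to close the redundant tunnel.

```python
import textwrap

def parse_ipsec_conf(text):
    """Parse ipsec.conf text into {"conn name": {key: value}, ...}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()  # simplification: '#' always starts a comment
        if not line.strip():
            continue
        if not line[0].isspace():             # section headers start in column 0
            current = sections.setdefault(" ".join(line.split()), {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return sections

def peer_facts(conf_text, conn):
    """Collect the settings of one peer's connection that matter for the loop."""
    sections = parse_ipsec_conf(conf_text)
    # conn %default supplies defaults; also= includes are not handled here.
    opts = {**sections.get("conn %default", {}), **sections.get(f"conn {conn}", {})}
    uniqueids = sections.get("config setup", {}).get("uniqueids", "yes")  # default: yes
    return {
        "initiates": opts.get("auto") == "start",
        "restarts": opts.get("dpdaction") == "restart",
        "enforces_unique": uniqueids not in ("no", "never"),
    }

def loop_risk(a, b):
    """True when both peers initiate and restart while a uniqueness policy applies."""
    both = all(p["initiates"] and p["restarts"] for p in (a, b))
    # Assumption: enforcement on either side is enough to close the redundant tunnel.
    return both and (a["enforces_unique"] or b["enforces_unique"])

# Constructed sample configs modelled on the quoted excerpt.
MOON = textwrap.dedent("""\
    config setup
    conn %default
        dpdaction=restart
    conn moon
        auto=start
    """)
SUN_START = "conn sun\n\tdpdaction=restart\n\tauto=start\n"
SUN_ADD = "conn sun\n\tdpdaction=restart\n\tauto=add   # respond only\n"

if __name__ == "__main__":
    print(loop_risk(peer_facts(MOON, "moon"), peer_facts(SUN_START, "sun")))
    print(loop_risk(peer_facts(MOON, "moon"), peer_facts(SUN_ADD, "sun")))
```
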