[strongSwan] Site-To-Site becomes unreasonable slow within 12h of running
Kim Zeitler
kim.zeitler at konzept-is.de
Tue Jun 21 16:12:55 CEST 2011
Hi Martin,
thanks for your prompt reply.
>> conn moon
>> dpdaction=restart
>> auto=start
>
>> conn sun
>> dpdaction=restart
>> auto=start
>
> Having auto=start on both sides while using dpdaction and the default
> uniqueids setting is problematic: Both sides initiate the tunnel, then
> the redundant tunnel is closed due to the uniqueids policy. But the DPD
> action will implicitly set a "closeaction", which triggers the
> recreation of the tunnel.
Seems logical. The dpdaction=restart only found its way into the config,
as we had the problems with the connection 'hanging' not allowing any
traffic through.
>
> This most likely results in a tunnel setup and teardown loop, increasing
> your reqids and killing your throughput.
>
> If it is an option for you, I'd change to auto=add on one side.
> Otherwise you could try the patch at [1], see [2] for more details. The
> issue has been fixed for the next release with [3].
>
Patching the src is no option for us. I have changed one side to 'add'.
Did you also mean removing the dpdaction?
Cheers,
Kim
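
The configuration pattern discussed in this thread can be checked mechanically before deployment. The following is an added example, not part of the original messages and not strongSwan code: it parses two ipsec.conf texts and reports when both peers combine auto=start with dpdaction=restart while uniqueids is not set to no. The function names and the sample configs are assumptions made for illustration, and `also=` includes are not followed.

```python
def parse_ipsec_conf(text):
    """Return {section: {key: value}} for ipsec.conf-style text."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()      # drop comments
        if not line.strip():
            continue
        if not raw[0].isspace():                  # section header starts at column 0
            parts = line.split()
            name = "setup" if parts[0] == "config" else " ".join(parts[:2])
            current = sections.setdefault(name, {})
        elif current is not None and "=" in line:  # indented key=value
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip().strip('"')
    return sections

def initiates_and_restarts(sections, name):
    """True if this side initiates, restarts on DPD, and uniqueids is not 'no'."""
    conn = dict(sections.get("conn %default", {}))  # defaults first
    conn.update(sections.get("conn " + name, {}))   # then the named conn
    uniqueids = sections.get("setup", {}).get("uniqueids", "yes")  # default is yes
    return (conn.get("auto") == "start"
            and conn.get("dpdaction") == "restart"  # the value used in the thread
            and uniqueids != "no")

def loop_risk(conf_a, conn_a, conf_b, conn_b):
    """True when both peers match the pattern described in the thread."""
    return (initiates_and_restarts(parse_ipsec_conf(conf_a), conn_a)
            and initiates_and_restarts(parse_ipsec_conf(conf_b), conn_b))

# Constructed sample configs containing only the keys quoted in the thread.
MOON = """\
conn moon
    dpdaction=restart
    auto=start
"""
SUN_BEFORE = """\
conn sun
    dpdaction=restart
    auto=start
"""
SUN_AFTER = SUN_BEFORE.replace("auto=start", "auto=add")  # one side only responds

if __name__ == "__main__":
    print("both auto=start:  ", loop_risk(MOON, "moon", SUN_BEFORE, "sun"))
    print("one side auto=add:", loop_risk(MOON, "moon", SUN_AFTER, "sun"))
```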