[strongSwan] Ipsec Connection Limits

Noel Kuntze noel at familie-kuntze.de
Tue Feb 10 21:24:47 CET 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hello Joshua,

Without any context those messages don't say anything.
Please see if that error continues to occur independent of the client
but dependent on the number of successfully connected clients.

Mit freundlichen Grüßen/Regards,
Noel Kuntze

GPG Key ID: 0x63EC6658
Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658

Am 10.02.2015 um 19:50 schrieb joshua:
> I am digging through the logs for errors, and nothing seems to pop out.
>
> Here is some issues with decrypting payloads. But I believe it continues on past that.
>
> Feb 10 18:02:02 03[ENC] invalid HASH_V1 payload length, decryption failed?
> Feb 10 18:02:02 03[ENC] could not decrypt payloads
> Feb 10 18:02:02 03[IKE] message parsing failed
> Feb 10 18:02:02 03[IKE] ignore malformed INFORMATIONAL request
> Feb 10 18:02:02 03[IKE] INFORMATIONAL_V1 request with message ID 3319602500 processing failed
>
>
> -------------------------
>
>
>
> Joshua J. Gross
>
>
> > Date: Tue, 10 Feb 2015 18:30:28 +0100
> > From: noel at familie-kuntze.de
> > To: users at lists.strongswan.org
> > Subject: Re: [strongSwan] Ipsec Connection Limits
> >
> >
> Hello Joshua,
>
> That is an interesting problem. Do you have any logs of the issue you can provide to us?
> Like authentication failing or a failure during installation of the policies?
>
> Mit freundlichen Grüßen/Regards,
> Noel Kuntze
>
> GPG Key ID: 0x63EC6658
> Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
>
> Am 10.02.2015 um 17:55 schrieb joshua:
> > We are running Strongswan 5.04 on Ubuntu 12.04 KVM.
> > The kernel used to be a 3.2-virtual which we upgraded to 3.13-generic.
>
> > It seems that strongswan only ever gets 20-30 connected users. Meanwhile we have very similar servers on
> > the public cloud (i.e.: digital ocean) that easily get over 150 connected users.
>
> > The VM with the issue was built ourselves on a dedicated server. We checked the majority of
> > OS settings between the two servers and nothing sticks out.
>
> > Is there any setting on a host or VM that could cause this kind of behavious?
>
>
>
> > -------------------------
>
>
>
> > Joshua J. Gross
>
>
> > _______________________________________________
> > Users mailing list
> > Users at lists.strongswan.org
> > https://lists.strongswan.org/mailman/listinfo/users
>
> >
> > _______________________________________________
> > Users mailing list
> > Users at lists.strongswan.org
> > https://lists.strongswan.org/mailman/listinfo/users
>
>
> _______________________________________________
> Users mailing list
> Users at lists.strongswan.org
> https://lists.strongswan.org/mailman/listinfo/users

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJU2mkPAAoJEDg5KY9j7GZY/HcQAIzIflwpvheXk47fk0q/qT6C
axXJB140hx/bEU3sL//SGitVYeK2i56rw962jSfflDYJkCYg/wJA7CCZZflnCQEm
hMIGaZ9fNutmcbDOuwzr7KnNu0820lacYhKPlA5iXY85gVgaCBIOOFsCVEPvTcDL
z6HudW3QdN3jh0JrYzyiNMvS7jKCjOwy1Id3BcMYJ+SMdsCL9gH1FG/vR49zKIr0
xcqRXcUpcXTL2ex96cRaZ09G+olsXWBrE+suH4sK5gnlyFXgVCklnmDxyOYMU571
TbdIwjknXGk+AVxzrkBRa1cMAsnzkVHSeebsMvxHAjYr+W8i6yfcS7sm8rIhrC8B
/7fnqks7aM8Zm6aYuXCwxuK6sQZme8Uuc/lwGFc60fosAbPTArksP3O4Ot48sSli
mYyd83y1ca3kfiSJlBoJa+IWAPggEQ6XIMcGRY+rU2LH1X3nd29uw/+tYRNmVXeo
cZSbWJprOPQxjQs5Lvy5To7UC4h9+WuMZn0HyCCZCDMzihw8XNMIYiSsSJGxSoGB
qm2dU4Jl+DTuA2LSI2kyZ6LS52wpu8CidCrTO2pWilHYqKmomOrRBTmE84xm8KPM
STxDI1Mx5OW3FItZLdtwAdBNRL6TWB0qZ35EQZpPBA80KdBBrY7hrtqr0WCBW3Hm
iKCCz0UNgfoHCL+3tzkS
=7OZD
-----END PGP SIGNATURE-----




More information about the Users mailing list