Mantis Bug Tracker

ID: 0000686
Project: IPFire 2.7
Category: Stable/Final-Version
View Status: public
Date Submitted: 2010-07-09 21:52
Last Update: 2010-09-05 17:32
Reporter: ipmaxfire
Assigned To: Arne_F
Priority: normal
Severity: minor
Reproducibility: always
Status: assigned
Resolution: open
Platform: i386
OS: Linux
OS Version: 2.5
Product Version: Core38
Target Version:
Fixed in Version:
Summary: 0000686: pluto / strongswan producing cpu load
Description: Have 3 IPsec VPN connections to ipcop (current version) configured and running well with certificates. Updating to current core 38 was no problem. VPN connections do work and reconnect, but pluto gives a 100% CPU load and the ipsec log file is about 40.000 lines for 12 hours.

Main errors / entries in the log file of ipsec are:
malformed packet in payload
duplicate packet
next payload type of ISAKMP Identification Payload has an unknown value: 113
next payload type of ISAKMP Identification Payload has an unknown value: 227
next payload type of ISAKMP Identification Payload has an unknown value: 42

platform: Atom n270, USB pen as boot drive

Tags: No tags attached.
Attached Files:
pluto.txt (780 bytes) 2010-07-09 21:52
load_diagramm.png (22,965 bytes) 2010-07-09 21:53
cpu_diagramm.png (42,493 bytes) 2010-07-09 21:53
prozesse_diagramm.png (24,366 bytes) 2010-07-09 21:53

Notes
(0002174)
ipmaxfire (reporter)
2010-07-09 21:55
edited on: 2010-07-09 21:56

the effect of all is: squid (configured as transparent proxy) responds very slow, status page of ipfire responds slow on vpnmain.cgi

update to core38 was on friday morning (see graphs)

(0002175)
Maniacikarus (administrator)
2010-07-09 23:06

Did you select multiple protocols for IKE and ESP?

(0002176)
ipmaxfire (reporter)
2010-07-10 10:08
edited on: 2010-07-10 10:47

I have the following settings set to on:

IKE: AES 256, 3DES
IKE integrity: SHA, MD5
IKE group: MODP-6144 "down to" MODP-1024
lifetime 1 hour

ESP: AES 256, 3DES
ESP integrity: SHA, MD5
ESP group: Phase 1
lifetime 8 hours

PFS turned on
compression turned on

The above settings are true for both of my vpn connections.


=====================

Reducing settings to AES256 does not change anything.

(0002184)
ipmaxfire (reporter)
2010-07-23 21:02

Did a fresh reinstall from the current .38 ISO image and imported old settings from ipf-file (further did a BIOS update of my D945GSEJT board to the current version).

without any change.

http-surfing via squid transparent proxy is as slow as a modem connection

(0002295)
Arne_F (administrator)
2010-09-05 17:32

First try to disable the compression on both sides. Maybe the compression is not compatible between the very old openswan 1.x and strongswan.

Issue History
Date Modified Username Field Change
2010-07-09 21:52 ipmaxfire New Issue
2010-07-09 21:52 ipmaxfire File Added: pluto.txt
2010-07-09 21:53 ipmaxfire File Added: load_diagramm.png
2010-07-09 21:53 ipmaxfire File Added: cpu_diagramm.png
2010-07-09 21:53 ipmaxfire File Added: prozesse_diagramm.png
2010-07-09 21:55 ipmaxfire Note Added: 0002174
2010-07-09 21:56 ipmaxfire Note Edited: 0002174
2010-07-09 23:06 Maniacikarus Note Added: 0002175
2010-07-10 10:08 ipmaxfire Note Added: 0002176
2010-07-10 10:47 ipmaxfire Note Edited: 0002176
2010-07-12 20:28 Maniacikarus Status new => assigned
2010-07-12 20:28 Maniacikarus Assigned To => Arne_F
2010-07-23 21:02 ipmaxfire Note Added: 0002184
2010-09-05 17:32 Arne_F Note Added: 0002295