Menu
▾
▴
Re: [Ipsec-tools-users] setkey -F or -FP hangs system
|
From: Brian A. S. <lav...@sp...> - 2008-09-11 20:42:47
|
Can you strace(8) it out and find out what the last call is (via remote console, perhaps?) ~~BAS On Fri, 27 Jun 2008, Graham Murray wrote: > I have a number of pairs of systems which use ipsec in transport mode to > connect to each other. > > Following complete loss of networking to the site where one of these > systems is located, ssh access to the system was restored but the ipsec > tunnel to its peer did not re-establish. Running 'setkey -D' on both > systems showed no active SAs and 'setkey -DP' showed the correct > policies. In similar situations previously, restarting racoon on both > systems has allowed the ipsec tunnel to re-establish. However when I > stopped racoon via my ssh session, the whole system hung and needed > rebooting. The init script displayed the message that it was clearing > the policy entries which is does after shutting down the racoon > daemon. So I suspect that the hang was caused by either the 'setkey -F' > or 'setkey -FP' calls. > > The systems are running ipsec-tools 0.6.7 and kernel 2.6.24-gentoo-r8 on > a hyperthreaded Xeon processor. > > ------------------------------------------------------------------------- > Check out the new SourceForge.net Marketplace. > It's the best place to buy or sell services for > just about anything Open Source. > http://sourceforge.net/services/buy/index.php > _______________________________________________ > Ipsec-tools-users mailing list > Ips...@li... > https://lists.sourceforge.net/lists/listinfo/ipsec-tools-users > l8* -lava (Brian A. Seklecki - Pittsburgh, PA, USA) http://www.spiritual-machines.org/ "Guilty? Yeah. But he knows it. I mean, you're guilty. You just don't know it. So who's really in jail?" ~Maynard James Keenan |