Bug#319770: continual rekeying causes inordinate CPU usage

Sun, 24 Jul 2005 12:20:05 -0700 

Package: racoon
Version: 1:0.6-1
Severity: normal

After racoon has been running for a while, it seems to get itself into a
state where it is continuously setting up and tearing down SAs as
quickly as it can:

Jul 24 18:44:51 mebius racoon: INFO: IPsec-SA established: ESP/Tunnel
x.x.x.x[4500]->192.168.2.101[4500] spi=242473511(0xe73da27)
Jul 24 18:44:51 mebius racoon: INFO: IPsec-SA established: ESP/Tunnel
192.168.2.101[4500]->x.x.x.x[4500] spi=258690464(0xf6b4da0)
Jul 24 18:44:52 mebius racoon: INFO: IPsec-SA expired: ESP/Tunnel
x.x.x.x[0]->192.168.2.101[0] spi=242473511(0xe73da27)
Jul 24 18:44:52 mebius racoon: INFO: initiate new phase 2 negotiation:
192.168.2.101[4500]<=>x.x.x.x[4500]
Jul 24 18:44:52 mebius racoon: INFO: NAT detected -> UDP encapsulation
(ENC_MODE 1->3).
Jul 24 18:44:52 mebius racoon: INFO: Adjusting my encmode
UDP-Tunnel->Tunnel
Jul 24 18:44:52 mebius racoon: INFO: Adjusting peer's encmode
UDP-Tunnel(3)->Tunnel(1)
Jul 24 18:44:52 mebius racoon: INFO: IPsec-SA established: ESP/Tunnel
x.x.x.x[4500]->192.168.2.101[4500] spi=242473511(0xe73da27)
Jul 24 18:44:52 mebius racoon: INFO: IPsec-SA established: ESP/Tunnel
192.168.2.101[4500]->x.x.x.x[4500] spi=217834153(0xcfbe2a9)
Jul 24 18:44:53 mebius racoon: INFO: IPsec-SA expired: ESP/Tunnel
x.x.x.x[0]->192.168.2.101[0] spi=242473511(0xe73da27)
Jul 24 18:44:53 mebius racoon: INFO: initiate new phase 2 negotiation:
192.168.2.101[4500]<=>x.x.x.x[4500]
Jul 24 18:44:53 mebius racoon: INFO: NAT detected -> UDP encapsulation
(ENC_MODE 1->3).
Jul 24 18:44:53 mebius racoon: INFO: Adjusting my encmode
UDP-Tunnel->Tunnel
Jul 24 18:44:53 mebius racoon: INFO: Adjusting peer's encmode
UDP-Tunnel(3)->Tunnel(1)
Jul 24 18:44:53 mebius racoon: INFO: IPsec-SA established: ESP/Tunnel
x.x.x.x[4500]->192.168.2.101[4500] spi=242473511(0xe73da27)
Jul 24 18:44:53 mebius racoon: INFO: IPsec-SA established: ESP/Tunnel
192.168.2.101[4500]->x.x.x.x[4500] spi=83407585(0x4f8b2e1)
Jul 24 18:44:54 mebius racoon: INFO: IPsec-SA expired: ESP/Tunnel
x.x.x.x[0]->192.168.2.101[0] spi=242473511(0xe73da27)
Jul 24 18:44:54 mebius racoon: INFO: initiate new phase 2 negotiation:
192.168.2.101[4500]<=>x.x.x.x[4500]

As well as making it difficult to actually use the encrypted link, this
is annoying because it causes racoon to chew up a large amount of CPU
time.

p.



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Reply via email to