On Tue, Jan 29, 2008 at 10:47:05AM +0100, Norman Maurer wrote:
> Am Dienstag, den 29.01.2008, 10:24 +0100 schrieb Norman Maurer:
> > Am Dienstag, den 29.01.2008, 00:04 -0800 schrieb Christopher Cowart:
> > > On Tue, Jan 29, 2008 at 08:46:18AM +0100, Norman Maurer wrote:
> > > > I have some strange problem.. After racoon works some hours it seems to
> > > > "freeze" and get a cpu usage of 99,9%. The vpns don't work anymore too..
> > > > Any idea ?
> > > 
> > > By any chance do you have a large number of tunnels? We went so far as
> > > to write a daemon to watch racoon and restart it automatically. We
> > > finally ended up bumping up buffer sizes in the ipsec-tools sources and
> > > sysctl.
> > > 
> > > See this thread from -net:
> > > http://lists.freebsd.org/pipermail/freebsd-net/2007-August/015046.html
> > > 
> > 
> > We have about 15 tunnels.. Can you please show me the changes you did
> > ( maybe a diff ) and the shell script ?

15 tunnels doesn't sound like enough to cause problems; we were dealing
with 80-100 SAs before we saw problems.

The patch is here:
http://lists.freebsd.org/pipermail/freebsd-net/2007-September/015456.html

Our sysctl change is this:
$ sysctl -a kern.ipc.maxsockbuf
kern.ipc.maxsockbuf: 4194304

You might try pinging -net with the symptoms or drawing some of these
old threads. 

-- 
Chris Cowart
Network Technical Lead
Network & Infrastructure Services, RSSP-IT
UC Berkeley

Attachment: pgpR72KWKeZYy.pgp
Description: PGP signature

Reply via email to