On Tue, Jan 29, 2008 at 10:47:05AM +0100, Norman Maurer wrote:
> On Tuesday, 29.01.2008, at 10:24 +0100, Norman Maurer wrote:
> > On Tuesday, 29.01.2008, at 00:04 -0800, Christopher Cowart wrote:
> > > On Tue, Jan 29, 2008 at 08:46:18AM +0100, Norman Maurer wrote:
> > > > I have some strange problem.. After racoon works some hours it seems to
> > > > "freeze" and get a cpu usage of 99,9%. The vpns don't work anymore too..
> > > > Any idea ?
> > >
> > > By any chance do you have a large number of tunnels? We went so far as
> > > to write a daemon to watch racoon and restart it automatically. We
> > > finally ended up bumping up buffer sizes in the ipsec-tools sources and
> > > sysctl.
> > >
> > > See this thread from -net:
> > > http://lists.freebsd.org/pipermail/freebsd-net/2007-August/015046.html
> > >
> >
> > We have about 15 tunnels.. Can you please show me the changes you did
> > ( maybe a diff ) and the shell script ?

15 tunnels doesn't sound like enough to cause problems; we were dealing
with 80-100 SAs before we saw problems.

The patch is here:
http://lists.freebsd.org/pipermail/freebsd-net/2007-September/015456.html

Our sysctl change is this:

$ sysctl -a kern.ipc.maxsockbuf
kern.ipc.maxsockbuf: 4194304

You might try pinging -net with the symptoms or drawing some of these
old threads.

--
Chris Cowart
Network Technical Lead
Network & Infrastructure Services, RSSP-IT
UC Berkeley