Re: [OpenIKED] Network traffic over VPN site-to-site tunnel stalls few times a day

Wed, 13 Nov 2019 05:36:08 -0800 

After upgrading my two endpoints to i386/6.6 it started to work flawlessly. 
There wasn't even one IKED restart within first two days of running.
Thank you Patrick, Stuart and everyone involved in making IKED work as 
expected. I really appreciate it.

# vmstat -m | head -n 17 
Memory statistics by bucket size
    Size   In Use   Free           Requests  HighWater  Couldfree
      16      528    752             125332    1280          0
      32     1470     66             105757     640          5
      64      600    168            2554483     320          0
     128      124     36              42106     160          0
     256      446     18              51276      80          0
     512      108      4             166303      40          0
    1024       46      6              48352      20          0
    2048       13      3                 74      10          0
    4096       16      2              84574       5          0
    8192       21      1                 44       5          0
   16384        6      0                505       5          0
   32768        6      0                 11       5          0
   65536        2      0              12333       5          0
  524288        1      0                  1       5          0

# vmstat -w 4
 procs    memory       page                    disk traps          cpu
 r   s   avm     fre  flt  re  pi  po  fr  sr wd0  int   sys   cs us sy id
 2  53   29M    313M   54   0   0   0   0   0   0  275    60  109  0  2 98
 0  57   30M    312M  140   0   0   0   0   0   0  378   131  470  0  4 96
 0  55   29M    313M   30   0   0   0   0   0   0  383    43  547  0  3 97
 0  55   29M    313M    2   0   0   0   0   0   0  380    17  529  0  3 97
 0  57   30M    312M  140   0   0   0   0   0   0  374   124  512  0  5 94


On Sun, 22 Sep 2019 17:11:20 +0200
Radek <[email protected]> wrote:

> Thank you Stuart.
> I can't touch/upgrade these routers, but I have a bunch of Soekris/net5501 
> that I can use for testing -current. Unfortunately, they are i386. I hope the 
> arch doesn't matter in this case.
> I'll try -current asap.
> 
> Am I the only one @misc who's facing this kind of iked issue? Nobody else 
> reports having the same issue here...
> 
> On Fri, 20 Sep 2019 16:55:02 -0000 (UTC)
> Stuart Henderson <[email protected]> wrote:
> 
> > On 2019-09-20, radek <[email protected]> wrote:
> > > Hello Patrick,
> > > I am sorry for the late reply.
> > >
> > > I have replaced my ALIX/Soekris production routers with APU1C and with PC 
> > > box (cpu0: Intel(R) Pentium(R) D CPU 2.80GHz, 2810.34 MHz, 0f-06-04). 
> > > Both are running 6.5/amd64 and both are fully syspatched.
> > 
> > Please try a -current snapshot for starters, quite a number of iked bugs
> > have been fixed since then including some which would cause connectivity
> > problems during rekeying. (If you *really* can't update the whole thing,
> > it should work to build -current iked on a 6.5 system, but no guarantees).
> > 
> > 
> 
> 
> -- 
> Radek
> 


-- 
Radek

Reply via email to