Hi,
I'm running OpenBSD 4.8 on two Soekris net5501-70 boxes with vpn1411.
I have discovered that under heavy IPSec load the box freezes and after
having enabled the kernel watchdog the frozen box reboots automatically.
Nothing is logged nor printed to the console. After suffering this for
some time I finally had chance to debug the problem and found out that
if I remove the vpn1411 accelerator the box doesn't freeze any longer.
Performance is naturally not as good as with the accelerator and the box
is pretty much unresponsive under heavy IPSec load, but it still remains
stable. Running IPSec against an other 5501 works well, but running it
against an ipsec end point with more CPU power causes the box to freeze
and reboot. I'm running the boxes as a fail over cluster and freezing
happens with both the boxes so faulty hardware is unlikely, except that
if the whole patch is defective.
Here is a fragmet of ipsec.conf:
These are OpenBSD ipsec default parameters.
ike esp from $LocalNet to $RemoteNet \
local $LocalGw peer $RemoteGw \
main auth hmac-sha1 enc aes group modp1024 \
quick auth hmac-sha2-256 enc aes \
psk "xxx"
Best regards,
Marko
--
Marko Viitanen
System Administrator
Avoltus Oy
_______________________________________________
Soekris-tech mailing list
[email protected]
http://lists.soekris.com/mailman/listinfo/soekris-tech
