Hi Brandan

I've experienced just this even with the crypto accelerator card.
That was back on OpenBSD 4.8.  I've found that about 8-10Mbit of IPsec
traffic is all you're going to get out of these guys...your mileage
may vary.  Taking IPsec full throttle for 30 minutes or longer was
causing my 5501 to fall off the network....lost layer 2 and serial to
the box entirely.

My workaround was to QoS the IPsec traffic down.  Another option that
I hadn't done personally and assuming you've enabled ipcomp, you can
turn it off to save CPU resources.  Again hadn't done it.  Most IPsec
documentation for OpenBSD tells you to enable this in
/etc/sysctl.conf, so it might break your flows and SAs.

This is the setting:  net.inet.ipcomp.enable=1  # 0 to disable or just
comment out the line

Let us know if you try it and notice a difference.  Hope that helps.

-Aric





2011/12/9 Brandan Rowley <[email protected]>:
> Hi,
>
> I am new to the list so be gentle if this has been posted already.  I am
> using two net5501 (with the VPN chip) running OpenBSD 4.9 to set up a VPN
> tunnel.  The tunnel has been up and running for a while.  We’ve recently
> added Windows 7 PCs to the network.  Performing file transfers from the
> Windows 7 PCs across the VPN tunnel causes the internal interface of the
> net5501 to stop responding.  A reboot is needed to get the interface
> communicating again.  This is repeatable.  Windows XP clients have no issues.
> Is there a fix or workaround for this?  I’ve tried OpenBSD 5.0 and read of
> similar issues on OpenBSD, but have not found a resolution.
>
> Regards,
> Brandan
>
>
> _______________________________________________
> Soekris-tech mailing list
> [email protected]
> http://lists.soekris.com/mailman/listinfo/soekris-tech
>