I’ve yet to catch the TX errors in the wild, but the RX errors happen when large amounts of TCP traffic are going across the tunnel. They don’t appear to be aligned with restart/rekey.
XfrmInNoStates 1 XfrmInStateSeqError 3337 XfrmOutNoStates 1757 > On Jul 2, 2017, at 5:05 AM, Paul Wouters <[email protected]> wrote: > > On Tue, 27 Jun 2017, Craig Marker wrote: > >> tunisp4: flags=209<UP,POINTOPOINT,RUNNING,NOARP> mtu 1480 >> inet x.x.x.x netmask 255.255.255.255 destination y.y.y.y >> tunnel txqueuelen 1 (IPIP Tunnel) >> RX packets 8732239 bytes 2617024564 (2.4 GiB) >> RX errors 397 dropped 397 overruns 0 frame 0 >> TX packets 14074281 bytes 10912751224 (10.1 GiB) >> TX errors 1679 dropped 0 overruns 0 carrier 1679 collisions 0 >> I’m seeing RX errors and dropped packets in addition to TX carrier errors on >> my IPsec VTI. I’ve played >> around with txqueuelen, which reduces the RX errors, but doesn’t eliminate >> them. Has anyone else seen >> these or have an idea of configuration to change? I’m running libreswan 3.19 >> on CentOS 7.3. > > Did those happen during restart/rekey ? > > What does this command say: grep -v -P "\t0$" /proc/net/xfrm_stat > > Paul _______________________________________________ Swan mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan
