-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Hello,
My desktop PC is connected to a server in my LAN over IPsec. The server is used, among other things, as DNS resolver. When my desktop is under high network load (everything over 50 Mbit), I can't initiate new TCP connections over the VPN, nor send UDP or ICMP packets. When I try to ping the server, I just get "connect: No buffer space available". DNS requests just time out and trying to ssh to the server just yields a similiar error as ping does. An already established ssh connection works just fine, though. The errors shown in nstat (or netstat -s) increment dramatically when that happens. When I tear down the tunnel and establish it again, the problem disappears. My desktop PC gets a "virtual" IP for use in the VPN. If I try to ping that IP from the server, it times out. If I ping the LAN IP of my desktop PC though, it works just fine. Did anyone have such a problem and how do I fix that? I already tried incrementing the replay window to over 32, but strongSwan just sets it to 0, if I try that. (charon.replay_window) Regards, Noel Kuntze - -- GPG Key id: 0x63EC6658 Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658 -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJTtAA2AAoJEDg5KY9j7GZYRawP/RTVyGjVu9nYXWRR4rs61G79 OG0QasSfB9Y7+W/yaSHS4pphDbFAAVGXm2JaSwVVF5/8OvRMl3Z7TA/P5syjH5p3 SfzZwf7iL337Cr0q2XTeFCTS+bwl4rgbIpHhOGjoi4BGgmlcoadNgLKa00M8t9zI WL7CiJQlrUTpTykxMyCtJA6QR8cwSh3lP9Gxvt4yFh7/ttmSaDEQz17paevexYsh 47CUGhjj61yY+eoAC1fwACe6TaLWUO6i8IZoS1QLnpiySPKEWFb/MDgA9Xrtj8PO b9lRO4CGTUTeEg8k9RPdkbJGl9J/ZxLt2auk1iGittjT1h6FzB9/PjtpQrOl7PPh CSl3s5e5uWySeglMnyHZL9RXGpq8niLwSy2bLDJK4v34iRo19Yu+Pkb6jaxf81dz a13xCRVMgol0DnccUmTfuUCbu9Cm+VywY6caeiAnI8CNQkyzIYIVxe68eDOu5+8Q pwinJKjhR10C1KCYU+DdCBqojyS3Za2bWJ/zypZWh++IRAwhKJ3OUMX0+P7wddSl lCzJBh1WWn3PhnMERI93AmoRLKdlVx+7dHdDIfACWMf4ql7Tm0T7BkaWqfsB5LpK Bc+XaspFuyNb9CA7J0RPYlWJFA1bIZApQyF8h+WODO9LJd76xYPF7vCmx46WuRAj 44VK4HBWjZE/6Oj5qDTn =KFjR -----END PGP SIGNATURE----- _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
