Hi, >>>>> "OP" == Olivier PELERIN <[email protected]> writes:
OP> Tried to follow this kernel commit - it does not work OP> https://lists.ubuntu.com/archives/kernel-team/2013-November/034116.html OP> It seems utterly broken OP> From: [email protected] OP> To: [email protected]; [email protected] OP> Date: Thu, 18 Dec 2014 10:11:23 +0100 OP> Subject: Re: [strongSwan] Strongswan using VTI OP> Will try it out OP> When I strace my ping I'm getting (Resource temporarily unavailable) when we receive the echo-reply OP> sendmsg(3, {msg_name(16)={sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("10.0.0.2")}, msg_iov(1)=[{"\10\0\312\350Y\362\00096\231\222T\0\0\0\0K+\0\0\0\0\0\0\20\21\22\23\24\25\26\27"..., 64}], msg_controllen=32, {cmsg_len=28, cmsg_level=SOL_IP, cmsg_type=, ...}, msg_flags=0}, 0) = 64 OP> recvmsg(3, 0x7fff93401680, 0) = -1 EAGAIN (Resource temporarily unavailable) OP> gettimeofday({1418893623, 10985}, NULL) = 0 OP> gettimeofday({1418893623, 11029}, NULL) = 0 check your kernel parameter xfrm4_gc_thresh with: cat /proc/sys/net/ipv4/xfrm4_gc_thresh if you see 1024 or even 2048 as the result, it's way to low. bump it up with: echo 262144 > /proc/sys/net/ipv4/xfrm4_gc_thresh and check your ping/traceroute again. if you succseed, make your setting permanet and add net.ipv4.xfrm4_gc_thresh = 262144 to /etc/sysctl.conf. kind regards, schwarz -- Gärtner Datensysteme GmbH & Co. KG Komplementärin: Gärtner Datensysteme Hamburger Str. 273a Tel. (0531) 2 33 55 55 Verwaltungs GmbH 38114 Braunschweig Fax (0531) 2 33 55 56 Amtsgericht Braunschweig Amtsgericht Braunschweig HRA 200 848 HRB 202 115 GmbH-Geschäftsführung: Christine Müller Martin Neitzel Ulrich Schwarz Dr. Stefan Gärtner _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
