Your message dated Thu, 04 Mar 2010 19:33:32 +0100
with message-id <[email protected]>
and subject line closed as fixed in newer versions
has caused the Debian Bug report #319770,
regarding continual rekeying causes inordinate CPU usage
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
--
319770: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=319770
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: racoon
Version: 1:0.6-1
Severity: normal
After racoon has been running for a while, it seems to get itself into a
state where it is continuously setting up and tearing down SAs as
quickly as it can:
Jul 24 18:44:51 mebius racoon: INFO: IPsec-SA established: ESP/Tunnel x.x.x.x[4500]->192.168.2.101[4500] spi=242473511(0xe73da27)
Jul 24 18:44:51 mebius racoon: INFO: IPsec-SA established: ESP/Tunnel 192.168.2.101[4500]->x.x.x.x[4500] spi=258690464(0xf6b4da0)
Jul 24 18:44:52 mebius racoon: INFO: IPsec-SA expired: ESP/Tunnel x.x.x.x[0]->192.168.2.101[0] spi=242473511(0xe73da27)
Jul 24 18:44:52 mebius racoon: INFO: initiate new phase 2 negotiation: 192.168.2.101[4500]<=>x.x.x.x[4500]
Jul 24 18:44:52 mebius racoon: INFO: NAT detected -> UDP encapsulation (ENC_MODE 1->3).
Jul 24 18:44:52 mebius racoon: INFO: Adjusting my encmode UDP-Tunnel->Tunnel
Jul 24 18:44:52 mebius racoon: INFO: Adjusting peer's encmode UDP-Tunnel(3)->Tunnel(1)
Jul 24 18:44:52 mebius racoon: INFO: IPsec-SA established: ESP/Tunnel x.x.x.x[4500]->192.168.2.101[4500] spi=242473511(0xe73da27)
Jul 24 18:44:52 mebius racoon: INFO: IPsec-SA established: ESP/Tunnel 192.168.2.101[4500]->x.x.x.x[4500] spi=217834153(0xcfbe2a9)
Jul 24 18:44:53 mebius racoon: INFO: IPsec-SA expired: ESP/Tunnel x.x.x.x[0]->192.168.2.101[0] spi=242473511(0xe73da27)
Jul 24 18:44:53 mebius racoon: INFO: initiate new phase 2 negotiation: 192.168.2.101[4500]<=>x.x.x.x[4500]
Jul 24 18:44:53 mebius racoon: INFO: NAT detected -> UDP encapsulation (ENC_MODE 1->3).
Jul 24 18:44:53 mebius racoon: INFO: Adjusting my encmode UDP-Tunnel->Tunnel
Jul 24 18:44:53 mebius racoon: INFO: Adjusting peer's encmode UDP-Tunnel(3)->Tunnel(1)
Jul 24 18:44:53 mebius racoon: INFO: IPsec-SA established: ESP/Tunnel x.x.x.x[4500]->192.168.2.101[4500] spi=242473511(0xe73da27)
Jul 24 18:44:53 mebius racoon: INFO: IPsec-SA established: ESP/Tunnel 192.168.2.101[4500]->x.x.x.x[4500] spi=83407585(0x4f8b2e1)
Jul 24 18:44:54 mebius racoon: INFO: IPsec-SA expired: ESP/Tunnel x.x.x.x[0]->192.168.2.101[0] spi=242473511(0xe73da27)
Jul 24 18:44:54 mebius racoon: INFO: initiate new phase 2 negotiation: 192.168.2.101[4500]<=>x.x.x.x[4500]
As well as making it difficult to actually use the encrypted link, this
is annoying because it causes racoon to chew up a large amount of CPU
time.
p.
--- End Message ---
--- Begin Message ---
I close this bug hereby as it is fixed in newer versions.
I had a link online for 3 days and set the key lifetime to a small
value (30 minutes). There have been around 150 rekeyings over these 3
days without problems and no increase in load.
Stefan
--
Stefan Bauer -----------------------------------------
PGP: E80A 50D5 2D46 341C A887 F05D 5C81 5858 DCEF 8C34
-------- plzk.de - Linux - because it works ----------
--- End Message ---
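
A log check for the rekey loop reported in the first message, as an added example that is not part of either message or of racoon: it pairs each "IPsec-SA established" entry with the next "expired" entry for the same SPI and counts phase 2 negotiations per minute. The function names, both thresholds and the placeholder year are assumptions; the sample is taken from the report's log with each wrapped entry rejoined onto one line.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample: SA events from the report, one log entry per line.
SAMPLE = """\
Jul 24 18:44:51 mebius racoon: INFO: IPsec-SA established: ESP/Tunnel x.x.x.x[4500]->192.168.2.101[4500] spi=242473511(0xe73da27)
Jul 24 18:44:51 mebius racoon: INFO: IPsec-SA established: ESP/Tunnel 192.168.2.101[4500]->x.x.x.x[4500] spi=258690464(0xf6b4da0)
Jul 24 18:44:52 mebius racoon: INFO: IPsec-SA expired: ESP/Tunnel x.x.x.x[0]->192.168.2.101[0] spi=242473511(0xe73da27)
Jul 24 18:44:52 mebius racoon: INFO: initiate new phase 2 negotiation: 192.168.2.101[4500]<=>x.x.x.x[4500]
Jul 24 18:44:52 mebius racoon: INFO: IPsec-SA established: ESP/Tunnel x.x.x.x[4500]->192.168.2.101[4500] spi=242473511(0xe73da27)
Jul 24 18:44:52 mebius racoon: INFO: IPsec-SA established: ESP/Tunnel 192.168.2.101[4500]->x.x.x.x[4500] spi=217834153(0xcfbe2a9)
Jul 24 18:44:53 mebius racoon: INFO: IPsec-SA expired: ESP/Tunnel x.x.x.x[0]->192.168.2.101[0] spi=242473511(0xe73da27)
Jul 24 18:44:53 mebius racoon: INFO: initiate new phase 2 negotiation: 192.168.2.101[4500]<=>x.x.x.x[4500]
Jul 24 18:44:53 mebius racoon: INFO: IPsec-SA established: ESP/Tunnel x.x.x.x[4500]->192.168.2.101[4500] spi=242473511(0xe73da27)
Jul 24 18:44:53 mebius racoon: INFO: IPsec-SA established: ESP/Tunnel 192.168.2.101[4500]->x.x.x.x[4500] spi=83407585(0x4f8b2e1)
Jul 24 18:44:54 mebius racoon: INFO: IPsec-SA expired: ESP/Tunnel x.x.x.x[0]->192.168.2.101[0] spi=242473511(0xe73da27)
Jul 24 18:44:54 mebius racoon: INFO: initiate new phase 2 negotiation: 192.168.2.101[4500]<=>x.x.x.x[4500]
"""

EVENT = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ racoon: INFO: "
    r"(?:IPsec-SA (established|expired): .* spi=(\d+)\(|(initiate new phase 2 negotiation))"
)

def parse(text, year=2000):
    """Yield (timestamp, kind, spi); syslog omits the year, so `year` is a placeholder."""
    for line in text.splitlines():
        m = EVENT.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            yield ts, m.group(2) or "negotiate", m.group(3)

def rekey_report(text, min_lifetime=60, max_per_minute=2):
    """Return (SAs that expired sooner than min_lifetime seconds, minutes with too many negotiations)."""
    born, short_lived, per_minute = {}, [], Counter()
    for ts, kind, spi in parse(text):
        if kind == "established":
            born[spi] = ts  # a re-established SPI restarts its clock
        elif kind == "expired" and spi in born:
            life = (ts - born.pop(spi)).total_seconds()
            if life < min_lifetime:
                short_lived.append((spi, life))
        elif kind == "negotiate":
            per_minute[ts.replace(second=0)] += 1
    storms = {m.strftime("%H:%M"): n for m, n in per_minute.items() if n > max_per_minute}
    return short_lived, storms
```

On the sample, the same inbound SPI expires one second after each establishment, while a link rekeying on a 30-minute lifetime, as in the closing message, stays below both thresholds.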