Re: linux-ipsec: freeswan-0.90 works, then hangs

> ...great to quickly get things running with pluto, but I'd like to know

The new "ipsec manual" command, found in current snapshots (caveat: it's still somewhat experimental), automates most of the detail of getting a manually-keyed connection set up, which should ease Pluto-less testing.

It's harmless to have a Pluto running, by the way, since it doesn't do anything unless prodded to (either by being configured as "active", or via the "ipsec setup active" command). So the recommended way to do such tests is to use the existing setup/configuration machinery, configure both sides as passive, and simply do things manually and ignore the Pluto daemons.

> When I reboot the two machines, the VPN comes up. And, I'm able to use

Anything interesting in the logs?

By the way, note a known problem: if you have full Klips debugging turned on, on an older/slower machine, it seems to be possible for the logging itself to swamp your kernel to the point that packets are lost! We have not yet fully characterized this problem, but it looks like that's what's happening. The full debugging generates A LOT of log entries, and syslog is not very efficient at handling bulk traffic. If you have Klips debugging configured on, turn it off and try again.

That is the only known hang in 0.90 that normal users are at all likely to run into. Nothing has yet been done about it, partly because we don't fully understand it yet, partly because Richard is on vacation, and partly because it may not be our problem.

                                                          Henry Spencer
                                                       henry@spsystems.net
                                                     (henry@zoo.toronto.edu)