Pantek Library

Re: [Users] Interesting problem...

From: Ian Brown <freeswan(at)wopr.mitchellandmitchell.com>
Date: Wed Feb 12 2003 - 15:18:53 EST


I've figured it out. Looks like traffic shaping is breaking ipsec to some extent.
I had this line running:
/sbin/tc qdisc add dev eth2 root tbf rate 132Kbit latency 15ms burst 1500

Where eth2 is the external interface. Normally this would shorten the transmit queue length, which would make my gateway much more responsive even when the bandwidth was being fully utilized. I noticed that now, even with ipsec completely disabled, there seemed to be some kind of pause while data was being transmitted to me (via ssh). I had to hit the space bar a couple of times to get a full directory listing to complete... After disabling that command, the pausing stopped, and ipsec started to work correctly.

Is anyone else using tc? Perhaps my settings are just wrong? (Or became wrong after some kinda kernel update)

On Wed, 12 Feb 2003, Ken Bantoft wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
>
>
> I've used rdesktop over SFS a few times... no problems that I've
> encountered. Are you running rdesktop on the Gateway itself, or behind
> it?
>
>
> On Tue, 11 Feb 2003, Ian Brown wrote:
>
> >
> > I've recently upgraded my kernel to 2.4.18-24. (Running redhat 8) and
> > decided to load the latest superfreeswan source available (1.99_kb4).
> > Since I've been using freeswan previously, I didn't have to mess with any
> > of my current ipsec settings and after upgrading both gateways to the
> > exact same versions of both the kernel and freeswan, the tunnels that I
> > had previously configured came back alive.
> > But here is where the problem now occurs. For the most part, the tunnels
> > seem to work perfectly. I can ping, I can ssh, web browse.. everything
> > through the tunnel works... except for terminal server. When I attempt to
> > connect to a terminal server through the tunnel, the client program
> > (Remote desktop) errors out (broken connection error) and at the exact
> > same time I get this in my /var/log/messages log file:
> > kernel: klips_error:ipsec_tunnel_start_xmit: ip_send() failed, err=-1
> >
> > That is the ONLY time I see that message... Otherwise the tunnel works
> > fine.
> >
> > Any ideas?
> >
>
> - --



Users mailing list
Users@lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users

Received on Mon Mar 3 19:48:34 2003

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 13:00:28 EDT

