[Swan] Thousand of log events per second
Ian Willis
ian at willis.org.au
Wed May 24 10:06:29 EEST 2023
Hi All (resent)

I'm seeing a huge number of these events in the journalctl log, about
20000 per second, on Rocky Linux 8, libreswan-4.5-1.el8_7.1.x86_64.

This is the only host which uses TCP rather than UDP. When using UDP, on
occasion the host (right side) won't connect, as it appears to be
identified as another host. (Another issue for later.)

"connection from X.X.X.X:28007: IKETCP ENABLED: socket 14: 0 byte packet indicates EOF"

RSA keys are being used for auth.

Configuration is something like the following:

## Left
conn L-R
    leftid=host-left
    left=a.a.a.a
    leftsubnet=0.0.0.0/0
    leftmodecfgserver=yes
    leftxauthserver=yes
    leftrsasigkey=0sAwEAAZttF81FA4w.......dmw==
    rightid=@host-right
    right=%any
    rightaddresspool=10.205.205.18-10.205.205.18
    modecfgdns="c.c.c.c e.e.e.e f.f.f.f g.g.g.g"
    # rsakey AwEAAZ277
    rightrsasigkey=0sAwEAAZ277................5yrX/yHxJ/rs8=
    authby=rsasig
    ikev2=insist
    auto=add
    dpddelay=30
    dpdtimeout=120
    dpdaction=clear

## Right
conn L-R
    leftid=host-left
    left=a.a.a.a
    leftsubnet=0.0.0.0/0
    # rsakey AwEAAZttF
    leftrsasigkey=0sAwEAAZttF........kj+Sxdmw==
    rightid=@host-right
    right=%defaultroute
    rightmodecfgclient=yes
    rightsubnet=0.0.0.0/0
    rightxauthclient=yes
    # rsakey AwEAAZ277
    rightrsasigkey=0sAwEAAZ277........../rs8=
    type=tunnel
    mtu=1400
    authby=rsasig
    auto=start
    ikev2=insist
    mobike=yes
    rekey=yes
    enable-tcp=yes
####
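
One way to quantify a flood like the one reported above is to count the EOF message per second for each peer and socket, which shows whether a single socket accounts for the whole rate. This is an added example, not part of the original post or of libreswan; it assumes `journalctl -o short-iso` timestamps, and the sample lines (addresses, host name, PID) are constructed.

```python
import re
from collections import Counter, defaultdict

# Message text as quoted in the post; the leading timestamp assumes
# `journalctl -o short-iso` output (e.g. 2023-05-24T10:06:29+0300).
EOF_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2})\S*\s.*?"
    r"connection from (?P<peer>\S+):(?P<port>\d+): IKETCP ENABLED: "
    r"socket (?P<fd>\d+): 0 byte packet indicates EOF"
)

def eof_rates(lines):
    """Map (peer, port, fd) -> Counter of EOF messages per one-second bucket."""
    rates = defaultdict(Counter)
    for line in lines:
        m = EOF_RE.search(line)
        if m:
            key = (m["peer"], int(m["port"]), int(m["fd"]))
            rates[key][m["ts"]] += 1
    return rates

def flooding(rates, threshold=100):
    """Return (key, peak_per_second, total) for keys at or above threshold,
    highest peak first."""
    hits = []
    for key, per_second in rates.items():
        peak = max(per_second.values())
        if peak >= threshold:
            hits.append((key, peak, sum(per_second.values())))
    return sorted(hits, key=lambda hit: hit[1], reverse=True)

# Constructed sample: one socket repeating the message, one normal close,
# and one unrelated line that must be ignored.
_PREFIX = "{ts}+0300 host-left pluto[1234]: "
_MSG = ("connection from {peer}: IKETCP ENABLED: socket {fd}: "
        "0 byte packet indicates EOF")
SAMPLE = (
    [(_PREFIX + _MSG).format(ts="2023-05-24T10:06:29", peer="192.0.2.10:28007", fd=14)] * 150
    + [(_PREFIX + _MSG).format(ts="2023-05-24T10:06:30", peer="192.0.2.10:28007", fd=14)] * 120
    + [(_PREFIX + _MSG).format(ts="2023-05-24T10:06:30", peer="198.51.100.7:40000", fd=15)] * 2
    + [_PREFIX.format(ts="2023-05-24T10:06:30") + "unrelated message (constructed)"]
)

if __name__ == "__main__":
    for (peer, port, fd), peak, total in flooding(eof_rates(SAMPLE)):
        print(f"{peer}:{port} socket {fd}: peak {peak}/s, total {total}")
```

On a live host the same functions can be fed the lines of `journalctl -o short-iso` output read from standard input.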