OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Archive »
  • 18.1 Legacy Series »
  • 18.1.6 IPsec with packet loss
« previous next »
  • Print
Pages: [1]

Author Topic: 18.1.6 IPsec with packet loss  (Read 1816 times)

mircsicz

  • Full Member
  • ***
  • Posts: 108
  • Karma: 3
    • View Profile
18.1.6 IPsec with packet loss
« on: May 07, 2018, 12:35:32 pm »
I've a machine with a client for a home-office. That connection drop's packages from time to time. I've not had a report for issue's last week but today I got another report...

It's monitored through Zabbix so I've got some stat's:
https://snag.gy/VvMzN2.jpg

And this is what the log gave me:
Code: [Select]
May  7 09:06:01 router charon: 12[KNL] unable to delete SAD entry with SPI ce0e3334
May  7 09:06:01 router charon: 12[KNL] error sending to PF_KEY socket: No buffer space available
May  7 09:06:01 router charon: 12[KNL] unable to delete SAD entry with SPI c9939946
May  7 09:06:01 router charon: 12[KNL] error sending to PF_KEY socket: No buffer space available
May  7 09:06:01 router charon: 12[KNL] unable to delete SAD entry with SPI c62c0cf2
May  7 09:06:01 router charon: 12[KNL] error sending to PF_KEY socket: No buffer space available
May  7 09:06:01 router charon: 12[KNL] unable to delete SAD entry with SPI ce922c2b
May  7 09:06:01 router charon: 12[KNL] error sending to PF_KEY socket: No buffer space available
May  7 09:06:01 router charon: 12[KNL] unable to delete SAD entry with SPI c6c5b97c
May  7 09:06:01 router charon: 12[KNL] error sending to PF_KEY socket: No buffer space a

So what are those messages about?

I checked the Web-IF and saw that the tunnel had lot's of SPI's, so I manually stopped the tunnel and we had a call over the tunnel which only went silent for like 10 sec's... AWESOME!! When the tunnel was up again it was only the one expected SPI there...

Here's the log from the time when I diconnected the tunnel:
https://pastebin.com/m9VufWAU

So my question is how can I avoid that behaviour in the future?


Logged

  • Print
Pages: [1]
« previous next »
  • OPNsense Forum »
  • Archive »
  • 18.1 Legacy Series »
  • 18.1.6 IPsec with packet loss
 

OPNsense is an OSS project © Deciso B.V. 2015 - 2023 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy
    | XHTML | RSS | WAP2