Project

General

Profile

Issue #1196

charon is using extremely high cpu on connection if there is many ip routes.

Added by 玲奈 神楽坂 almost 10 years ago. Updated almost 10 years ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Category:
configuration
Affected version:
5.3.3
Resolution:
No change required

Description

I have a strongswan vpn server with complex routing tables.
one of the table is contains many routes, but it isn't table main nor table 220, strongswan shouldn't care about it.

then, when a user connecting, charon process with take 100% cpu, and will take a lone time to finish connect or even sometimes cause client timeout.

$ ip route show table 101
default dev railgun20 scope link src 10.2.0.1 realm 21 advmss 1360
1.0.0.0/24 dev railgun20 scope link src 10.2.0.1 realm 23 advmss 1360
1.0.1.0/24 via 115.29.187.247 dev eth1
1.0.2.0/23 via 115.29.187.247 dev eth1
... many routes.

$ ip route show table 101 | wc -l
20098

$ ipsec --version
Linux strongSwan U5.3.3/K4.2.4-1-ARCH
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil, Switzerland
See 'ipsec --copyright' for copyright information.

History

#1 Updated by 玲奈 神楽坂 almost 10 years ago

i found charon.interfaces_use and charon.ignore_routing_tables, seems solved. sorry for creating this issue.

#2 Updated by Tobias Brunner almost 10 years ago

  • Tracker changed from Bug to Issue
  • Category set to configuration
  • Status changed from New to Closed
  • Resolution set to No change required