5.5.2 client fails to connect after 256 connections using FreeBSD 11
FreeBSD strongSwan client fails to connect after 256 ipsec up/ipsec down commands.
Using latest version from ports (5.5.2) on
# uname -a
FreeBSD strongswan2 11.0-RELEASE-p9 FreeBSD 11.0-RELEASE-p9 #0: Tue Apr 11 08:48:40 UTC 2017 firstname.lastname@example.org:/usr/obj/usr/src/sys/GENERIC amd64
tun-device: Use next free TUN device on FreeBSD
While this API is documented as legacy (and there is a sysctl option to
disable it) the documentation also mentions that it will probably stay
enabled by default due to compatibility issues with existing applications.
With the previous approach only 255 devices could be opened, then the
daemon had to be restarted.
#1 Updated by Tobias Brunner about 2 years ago
- Status changed from New to Feedback
#2 Updated by Mike E about 2 years ago
The FreeBSD tun driver has the ability to return the lowest unused tun device by opening "/dev/tun" (since 5.0-RELEASE). Wouldn't this be the preferred method for creating a tun device?
#3 Updated by Tobias Brunner about 2 years ago
- Tracker changed from Issue to Bug
I think I didn't use that because it's documented as a legacy feature. But I guess the following means it's unlikely it will disappear:
Disabling the legacy devfs cloning functionality may break existing
applications which use tun, such as ppp(8) and ssh(1). It therefore
defaults to being enabled until further notice.
If you like you can try the patch in the 2313-freebsd-tun branch.