Bug #2313
5.5.2 client fails to connect after 256 connections using FreeBSD 11
Affected version:
5.5.2
Resolution:
Fixed
Description
FreeBSD strongSwan client fails to connect after 256 ipsec up/ipsec down commands.
Using latest version from ports (5.5.2) on
# uname -a
FreeBSD strongswan2 11.0-RELEASE-p9 FreeBSD 11.0-RELEASE-p9 #0: Tue Apr 11 08:48:40 UTC 2017 root@amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC amd64
Associated revisions
History
#1 Updated by Tobias Brunner over 2 years ago
- Status changed from New to Feedback
#2 Updated by Mike E over 2 years ago
Hi Tobias,
The FreeBSD tun driver has the ability to return the lowest unused tun device by opening "/dev/tun" (since 5.0-RELEASE). Wouldn't this be the preferred method for creating a tun device?
#3 Updated by Tobias Brunner over 2 years ago
- Tracker changed from Issue to Bug
I think I didn't use that because it's documented as a legacy feature. But I guess the following means it's unlikely it will disappear:
Disabling the legacy devfs cloning functionality may break existing
applications which use tun, such as ppp(8) and ssh(1). It therefore
defaults to being enabled until further notice.
If you like you can try the patch in the 2313-freebsd-tun branch.
#4 Updated by Mike E over 2 years ago
Works great, thanks!
#5 Updated by Tobias Brunner over 2 years ago
- Target version set to 5.5.3
#6 Updated by Tobias Brunner over 2 years ago
- Status changed from Feedback to Closed
- Assignee set to Tobias Brunner
- Resolution set to Fixed
tun-device: Use next free TUN device on FreeBSD
While this API is documented as legacy (and there is a sysctl option to
disable it) the documentation also mentions that it will probably stay
enabled by default due to compatibility issues with existing applications.
With the previous approach only 255 devices could be opened then the
daemon had to be restarted.
Fixes #2313.