Bug #2313

5.5.2 client fails to connect after 256 connections using FreeBSD 11

Added by Mike E about 2 years ago. Updated about 2 years ago.

Status: Closed
Priority: Normal
Category: freebsd
Target version:
Start date:
Due date:
Estimated time:
Affected version: 5.5.2
Resolution: Fixed

Description

FreeBSD strongSwan client fails to connect after 256 ipsec up/ipsec down commands.

Using latest version from ports (5.5.2) on

# uname -a
FreeBSD strongswan2 11.0-RELEASE-p9 FreeBSD 11.0-RELEASE-p9 #0: Tue Apr 11 08:48:40 UTC 2017     root@amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC  amd64

ifconfig.txt (633 Bytes) - ifconfig output - Mike E, 02.05.2017 14:00
ipsec_server.conf (402 Bytes) - ipsec.conf from the server side - Mike E, 02.05.2017 14:00
netstat.txt (962 Bytes) - netstat from client after failed connect - Mike E, 02.05.2017 14:00
ipsec_statusall.txt (938 Bytes) - ipsec statusall from client - Mike E, 02.05.2017 14:00
ipsec.conf (852 Bytes) - clientside ipsec.conf - Mike E, 02.05.2017 14:00
uname.txt (168 Bytes) - uname -a - Mike E, 02.05.2017 14:00
debug.log (26.2 KB) - kernel debug messages - Mike E, 02.05.2017 14:00
messages (96.6 KB) - Mike E, 02.05.2017 14:00
charon_debug.log (3.39 MB) - Mike E, 02.05.2017 14:00

Associated revisions

Revision 59e6e933 (diff)
Added by Tobias Brunner about 2 years ago

tun-device: Use next free TUN device on FreeBSD

While this API is documented as legacy (and there is a sysctl option to
disable it) the documentation also mentions that it will probably stay
enabled by default due to compatibility issues with existing applications.

With the previous approach only 255 devices could be opened, then the
daemon had to be restarted.

Fixes #2313.

History

#1 Updated by Tobias Brunner about 2 years ago

  • Status changed from New to Feedback

#2 Updated by Mike E about 2 years ago

Hi Tobias,

The FreeBSD tun driver has the ability to return the lowest unused tun device by opening "/dev/tun" (since 5.0-RELEASE). Wouldn't this be the preferred method for creating a tun device?

https://www.freebsd.org/cgi/man.cgi?query=tun&apropos=0&sektion=4&manpath=FreeBSD+11.0-RELEASE+and+Ports&arch=default&format=html

#3 Updated by Tobias Brunner about 2 years ago

  • Tracker changed from Issue to Bug

I think I didn't use that because it's documented as a legacy feature. But I guess the following means it's unlikely it will disappear:

Disabling the legacy devfs cloning functionality may break existing
applications which use tun, such as ppp(8) and ssh(1). It therefore
defaults to being enabled until further notice.

If you like you can try the patch in the 2313-freebsd-tun branch.

#4 Updated by Mike E about 2 years ago

Works great, thanks!

#5 Updated by Tobias Brunner about 2 years ago

  • Target version set to 5.5.3

#6 Updated by Tobias Brunner about 2 years ago

  • Status changed from Feedback to Closed
  • Assignee set to Tobias Brunner
  • Resolution set to Fixed
