OpenSwan U2.6.24 on 2.6.27.7-9-pae (32-bit) slow at establishing connection
Dear board
I am at loss as to what is causing a very unhealthy(?) ~6s time to establish a connection.
Server:
Linux Openswan U2.6.24/K2.6.31.12-ipsec-rks-march-3 (netkey)
Connection: 100Mbit
Client (Road Warrior):
Linux Openswan U2.6.24/K2.6.27.7-9-pae (netkey)
Connection: 3G 7,2Mbit
Verification: rsasig
Type: tunnel
The scenario is this, the Road Warrior has two-three Internet connections and the default route changes every now and then, each time must ipsec be restarted (or not?) and then the connection be brought up again.
# time /etc/init.d/ipsec restart
...
real 0m3.605s
user 0m0.840s
sys 0m0.620s
# time ipsec auto --up road-gw
...
real 0m3.775s
user 0m0.064s
sys 0m0.044s
(Available memory on the machine is sufficient, 591MB and CPU usage is non-existing before and after initiation.)
These are my configuration-files:
Client:
-----------
version 2.0 # conforms to second version of ipsec.conf specification
# basic configuration
config setup
nat_traversal=yes
klipsdebug=none
plutodebug=none
virtual_private=%v4:192.168.2.0/24,%v4:9.9.0.0/24
oe=off
protostack=netkey
conn %default
left=%defaultroute
leftrsasigkey=%cert
rightrsasigkey=%cert
authby=rsasig
conn road-gw
type=tunnel
left=%defaultroute
leftid=@x
leftrsasigkey=0s...hdU2gN
right=xxx.yyy.xxx
rightsubnet=9.9.0.0/24
rightid=@momento
rightrsasigkey=0sA...WNBH43UmXFDv//
auto=add
Server:
--------------
version 2.0 # conforms to second version of ipsec.conf specification
config setup
nat_traversal=yes
klipsdebug=none
plutodebug=none
virtual_private=%v4:9.9.0.0/24
oe=off
protostack=netkey
conn %default
left=xxx.yyy.xxx
leftrsasigkey=%cert
rightrsasigkey=%cert
authby=rsasig
conn road-gw
type=tunnel
left=xxx.yyy.xxx
leftid=@momento
leftsubnet=9.9.0.0/24
leftrsasigkey=0sA...mXFDv//
right=%any
rightid=@x
rightrsasigkey=0sAQOS...hdU2gN
auto=add
|