Hi Manuel,

I'm running WRAP 1D-3, so I think this is not the case.

It is incorrect that I reported the m0n0wall locks up. What I have found out is the following:

If a node inside the LAN connects via an IPSec tunnel to m0n0wall's LAN interface and the tunnel is terminated, m0n0wall doesn't clean out all SAD/SPDs. Therefore the node could not reach (ping) the m0n0wall and it seems as if it is locked. Because if another node connects to the m0n0wall and cleans out the left SAD/SPD entries the node which connected via an IPSec tunnel could then again reach the m0n0wall.

I hope this is understandable?

Cheers,
Goetz

On Dec 18, 2004, at 11:29 AM, Manuel Kasper wrote:

> On 17.12.2004 22:18 -0600, Michael D. Joy wrote:
>
>> I'm running a Wrap 1C-3 and am also experiencing hard locks after
>> 1.2b3 upgrade. I have since reverted to 1.2b2. Oddly enough, the
>
> Hmm, the only change from 1.2b2 to 1.2b3 that could possibly cause
> this (even though that would imply big problems with ipfilter), as
> far as I can imagine, is the UDP ack timeout (24 -> 240 seconds). You
> can try the following command on exec.php to set it back to 24 (until
> the next reboot):
>
> /sbin/sysctl net.inet.ipf.fr_udpacktimeout=24
>
> I can't see why 1.2b2 should work when 1.2b3 doesn't - both versions
> even use the exact same kernel image. As long as I can't reproduce it
> here (been running it on a net4501 ever since it was released) and
> there are no other indicators as to what's going wrong (console
> messages before it dies etc.), it'll be pretty hard to fix. However,
> two out of three people who reported this bug are running WRAPs - see
> <http://m0n0.ch/wall/list/?action=show_msg&actionargs[]=109&actionargs[]=84>.
>
> - Manuel