[OpenWrt-Devel] 090-backport_netfilter_rtcache.patch and IPsec routing/connection errors/packet loss

Stijn Tintel stijn at linux-ipv6.be
Fri Jan 2 07:39:22 EST 2015

On 23-12-14 22:59, Stijn Tintel wrote:
> On 23-12-14 20:11, Andre Valentin wrote:
>> Hi!
>> I just recompiled the module and loaded it on the router. But it seems that this does not fix the error. 5 minutes later I got several alerts (ping checks).
> The workaround below seems to work for me. How did you apply this patch
> to the OpenWrt code
After updating the other end of the IPsec tunnel, it turns out that the
workaround doesn't entirely fix the problem.

box1 ---- owrt1 ============= owrt2 ---- box2
              strongSwan IPsec
                (tunnel mode)

Initially I only had the nf_conntrack_rtcache module on owrt2. That
caused problems like snmpwalk from box1 to box2 hanging after a single
line of output. With the workaround applied, I no longer saw the
problem. I could snmpwalk, ping and SSH from box1 to box2 fine. When I
later updated owrt1 to also have the nf_conntrack_module (+workaround),
the problems were back. This time, snmpwalk from box1 to box2 hangs
after two lines of output.

Kind regards,