Why does named lock up when it attempts to connect over IPSEC tunnels?

  • Updated on 10 Oct 2018

This is due to a kernel bug in which the kernel ignores the fact that a socket is marked non-blocking. Setting xfrm_larval_drop to 1 is reported to help, but this may have negative side effects.

For more information, see:

https://bugzilla.redhat.com/show_bug.cgi?id=427629

and

https://lkml.org/lkml/2007/12/4/260

xfrm_larval_drop can be set to 1 by the following procedure:

echo "1" > /proc/sys/net/core/xfrm_larval_drop
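
A value written through /proc applies only to the running kernel and is lost at reboot. The following is an added example, not part of the original article or ISC's code: it checks the current value, applies the change, confirms it took effect, and records it in a sysctl.d file. The function names and the file name 90-xfrm-larval-drop.conf are assumptions.

```shell
#!/bin/sh
# Added example. Both paths can be overridden from the environment so the
# functions can be exercised against a scratch directory instead of live /proc.
PROC_FILE="${PROC_FILE:-/proc/sys/net/core/xfrm_larval_drop}"
# Hypothetical file name; any *.conf file under /etc/sysctl.d would do.
CONF_FILE="${CONF_FILE:-/etc/sysctl.d/90-xfrm-larval-drop.conf}"

# Print the current value. Returns 2 if the kernel does not expose the
# setting (assumed cause: a kernel built without XFRM support).
larval_drop_get() {
    [ -r "$PROC_FILE" ] || { echo "missing: $PROC_FILE" >&2; return 2; }
    cat "$PROC_FILE"
}

# Set the runtime value (0 or 1), read it back to confirm the kernel
# accepted it, then write a sysctl.d entry so it is reapplied at boot.
larval_drop_set() {
    case "$1" in
        0|1) ;;
        *) echo "value must be 0 or 1" >&2; return 1 ;;
    esac
    old=$(larval_drop_get) || return $?
    echo "$1" > "$PROC_FILE" || return 3
    [ "$(larval_drop_get)" = "$1" ] || { echo "write not applied" >&2; return 3; }
    printf 'net.core.xfrm_larval_drop = %s\n' "$1" > "$CONF_FILE" || return 4
    # Report the previous value so the change can be reverted if the
    # side effects mentioned above appear.
    echo "xfrm_larval_drop: $old -> $1 (persisted in $CONF_FILE)"
}
```

Source the file as root and run `larval_drop_set 1`; run `larval_drop_set 0` to revert.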