Why does named lock up when it attempts to connect over IPSEC tunnels?
- Updated on 10 Oct 2018
- 1 minute to read
This is due to a kernel bug where the fact that a socket is marked non-blocking is ignored. It is reported that setting
xfrm_larval_drop to 1 helps but this may have negative side effects.
For more information, see:
xfrm_larval_drop can be set to 1 by the following procedure:
echo "1" > proc/sys/net/core/xfrm_larval_drop