Bug #13075
closed
Netgate 2100 IPsec S2S AES GCM and SafeXcel mbuf overload
Description
Hello everyone,
I ran into an mbuf overload after changing the S2S setting (Netgate 6100 – 2100) from AES256 to AES128-GCM.
If I start the NAS backup and use GCM, the mbuf usage grows and grows, and after some time it reaches the limit and the SG-2100 doesn’t respond anymore.
Asynchronous Cryptography doesn’t matter, and AES-CBC just works.
Both Netgates are running 22.01; the 6100 uses Intel QAT, the 2100 uses SafeXcel for hardware crypto support.
Tunnel Setup:
P1: AES128-GCM, AES256, SHA256 DH19, Mobike and DPD
P2: ESP, AES256, AES128-GCM, SHA256 DH19
To me, it looks like a memory leak in the crypto engine or the NIC queue of the SafeXcel driver.
If I disable the driver and run GCM in software mode, it works for days.
There could also be a connection with the remote station and the Intel QAT support, which may trigger the behavior.
Updated by Jim Pingle over 2 years ago
- Category changed from IPsec to Cryptographic Modules
- Status changed from New to Duplicate
Duplicate of #13074
Updated by Jim Pingle over 2 years ago
- Is duplicate of Bug #13074: AES-GCM with SafeXcel on Netgate 2100 causes MBUF overload added