This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

RED issues with 9.704-2 - high CPU load / disconnects

Hello

I am having problems with my RED setup since applying 9.704-2 to my both UTM appliances. They are "homified" SG 115w and UTM 220.

Both have two RED servers and clients connecting vice versa. I am using availability groups with special monitoring on the RED interfaces in order to select my best route to the other site.

This setup was working flawlessly without any issues including version 9.703-3 and all 4 RED tunnels being up at the time. After applying 9.704 I am only able to have one of the four tunnels active. As soon as I activate a second one, I am getting a log like the attached one.
It gives me disconnects, "Missing keepalive from [RED client interface], disabling peer [IP address]" and "Overflow happend on [RED client interface]" messages in the RED log.

red.log

Switching the ep-red RPM package back to the old version solves the problem for me.


BR,
Sascha



This thread was automatically locked due to age.
Parents
  • Hi,

    9.705 does not include RPM packages for red-firmware-chainboot and ep-red. But of course I could upgrade to the latest release.

    I am currently on 9.704-2. Though I have replaced
    ep-red-9.70-58.gdc75c10.rb3.i686
    with
    ep-red-9.70-56.gd3d4160.rb5.i686
    by using the command
    rpm -Uvh --oldpackage ep-red-9.70-56.gd3d4160.rb5.i686.rpm

    This solved my problem and reverted RED to its previous, "normal" behavior.

    With version 9.704-2 and downgraded to ep-red-9.70-56.gd3d4160.rb5.i686:
    sophos:/root # rpm -qa | grep red
    red-unified-firmwares-9700-0.358343537.gd6f8f71.rb3
    red-firmware-chainboot-8.17-0.76174932.g788e4c8
    ipv6-miredo-1.2.5-1.gd589f8c
    red15-firmware-5317-0.340969712.gdeba856ae.rb4
    red-firmware-8.17-0.g30d3fa5.rb1
    nss-shared-helper-chroot-1.0.10-0.7.10.81.g3fa4edb
    python-ordereddict-1.1-1.0.317998409.gab3cfdd.rb2
    red-firmware2-5317-0.340967634.g849d3589d.rb4
    ep-red-9.70-56.gd3d4160.rb5

    EDIT: I have now upgrade to 9.705-3.

    With version 9.705-3 (original):
    sophos:/root # rpm -qa | grep red
    red-unified-firmwares-9700-0.358343537.gd6f8f71.rb3
    red-firmware-chainboot-8.17-0.76174932.g788e4c8
    ipv6-miredo-1.2.5-1.gd589f8c
    red15-firmware-5317-0.340969712.gdeba856ae.rb4
    red-firmware-8.17-0.g30d3fa5.rb1
    ep-red-9.70-58.gdc75c10.rb3
    nss-shared-helper-chroot-1.0.10-0.7.10.81.g3fa4edb
    python-ordereddict-1.1-1.0.317998409.gab3cfdd.rb2
    red-firmware2-5317-0.340967634.g849d3589d.rb4

    The issue still persists.


    BR,
    Sascha

  • Hallo Sascha and welcome to the UTM Community!

    Please get a case open with Sophos Support so that they can get this information to the developers.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply
  • Hallo Sascha and welcome to the UTM Community!

    Please get a case open with Sophos Support so that they can get this information to the developers.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children
No Data