[IPSec] Sangfor VPN UDP protocol+TCP traversal with NIC GRO
  

CTI Jimy Lv2Posted 13 Apr 2022 09:42

Bug Phenomena:
Sangfor VPN UDP protocol + TCP traversal, slow transmission speed, production suffer packet loss

【Trigger conditions】
Sangfor VPN build with device "DLAN version 6.2.0 and above" and "DLAN version 6.2.0 and below" using UDP protocol and TCP traversal. NIC supports GRO.

【Root Cause】
UDP protocol with TCP traversal and the network card GRO conflict resulting in packet loss.

【How to check】
Production packet loss. Packet capture found out GRO process the combination of big packets and decryption failure.

【Solution】
Patch to disable GRO
https://download.sangfor.com/Download/Product/WANO/Patch/TD202012171266_WOC9.5.x_CLOSE_GRO(20210128).ssu.7z

【Precautions】
Package does not restart the service
Currently only support to patch WANO version 9.5.x.
Issue currently only detected on WANO device. If the issue is detected on other product, please log a case.

Like this topic? Like it or reward the author.

Creating a topic earns you 5 coins. A featured or excellent topic earns you more coins. What is Coin?

Enter your mobile phone number and company name for better service. Go

Newbie308427 Posted 19 Oct 2022 23:52
  
nice sharing

Trending Topics

Board Leaders