I am also seeing
kernel: nf_conntrack: table full, dropping packet
Googling this error seems to indicate it might be wise to change the table size. Does anyone have some words of wisdom on this?
pluto is a user-space daemon used for the key-exchange portion of the IPsec protocol. Linux should protect you from it causing reboots.
Cryptographic overload, though, is badness nonetheless. Combined with conntrack table overflows, it looks like you have an 'out of memory' problem.
It's not just a question of sizing up the connection tracking table - we set that to about as big as the system can handle memory-wise already anyway.
Best bet is to take a TSR and hand it to support so we can have a look at what is causing this condition and advise you on what to do about it from there. For example, one can suck up quite a bit of RAM by using a few PPTP tunnels, which are way more memory hungry than, say, IPsec tunnels.
This entry in the TSR tells you the current number of connections
If this is abnormally high, you are likely to have an internal network issue. If this is the case it needs to be fixed rather than working around the issue on the UTM device.
the current max is shown in
default for the 565 is 32768
If count is as expected you need to increase it under
System -> System Setup -> Memory Allocation -> Connection Tracking
This will increase the above file max value accordingly if required.
Talking about PPTP, one issue I had when upgrading from 3 to 4 was that all the PPTP account passwords and settings had to be reset before they would work, as the passwords did not come across during migration (the password was blanked out, I believe). Could there be other settings that are still hanging around (incorrectly) causing the issue?