It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda NextGen Firewall X

VPN server does not start and display error "Cannot create ktina socket"

  • Type: Knowledgebase
  • Date changed: one year ago

Solution #00005583



Scope:
This solution replies to:
- NG Firewall firmware versions 4.2.x, 5.0.x, 5.2.x
- netfence firmware versions 4.2.x


Symptoms:
The VPN service does not start anymore and the "Log" > "fatal.log" displays following error message:

Fatal Exit: Cannot create ktina socket: Address family not supported by protocol


Solution:
This error happens ony on hardware with a single CPU which uses always the 32bit architecture, when you increased the value for the "Max. Session Slots" of the firewall over the default value of 65536. In this case the acpf (firewall kernel module) does allocate to much kernel memory and the ktina (VPN kernel module) has not enough free kernel memory available. This does not happen if you use a Multi-CPU hardware with 64bit architecture.

 

If you got this issue, please check the "Box" > "Infrastructure Services" > "General Firewall Configuration" > "Global Limits" > "Max. Session Slots" value and decrease it at least to the default value of 65536. After a reboot of the box, the VPN service will start normally.





 

 

 

 

 

 

 

 

 

 

 

 

 

 

 


Note:
Multi-CPU and 64bit are just supported up to release NG firewall 5.0.x. For NG firewall 4.2.x you cannot use more than 65536 session slots.


Link to This Page:
https://campus.barracuda.com/solution/50160000000IThoAAG