IPSEC stop works after r285336
George Neville-Neil
gnn at neville-neil.com
Sun Jul 26 18:40:06 UTC 2015
On 25 Jul 2015, at 1:51, Alexandr Krivulya wrote:
> 25.07.2015 00:38, John-Mark Gurney пишет:
>> Alexandr Krivulya wrote this message on Thu, Jul 23, 2015 at 10:38
>> +0300:
>>> I have IPSEC tunnel inside l2tp tunnel via mpd. After r285536 I see
>>> only
>>> outgoing esp packets on ng interface:
>> This change is -stable, not -current, but the change referenced below
>> is -current... Which one are you running?
>>
>> Also, the only ipsec related change after r285535 is r285770, though
>> that probably won't effect it... Could you possibly narrow the
>> change
>> that broke things?
>>
>>> root at thinkpad:/usr/src # tcpdump -i ng0
>>> tcpdump: verbose output suppressed, use -v or -vv for full protocol
>>> decode
>>> listening on ng0, link-type NULL (BSD loopback), capture size 262144
>>> bytes
>>> 10:35:27.331886 IP 10.10.10.2 > 10.10.10.1:
>>> ESP(spi=0x03081e58,seq=0x9a5), length 140
>>> 10:35:28.371707 IP 10.10.10.2 > 10.10.10.1:
>>> ESP(spi=0x03081e58,seq=0x9a6), length 140
>>> 10:35:29.443536 IP 10.10.10.2 > 10.10.10.1:
>>> ESP(spi=0x03081e58,seq=0x9a7), length 140
>>> 10:35:30.457370 IP 10.10.10.2 > 10.10.10.1:
>>> ESP(spi=0x03081e58,seq=0x9a8), length 140
>>> 10:35:31.475606 IP 10.10.10.2 > 10.10.10.1:
>>> ESP(spi=0x03081e58,seq=0x9a9), length 140
>>> 10:35:31.622315 IP 10.10.10.1.isakmp > 10.10.10.2.isakmp: isakmp:
>>> phase
>>> 2/others ? inf[E]
>>> 10:35:31.622544 IP 10.10.10.2.isakmp > 10.10.10.1.isakmp: isakmp:
>>> phase
>>> 2/others ? inf[E]
>>> 10:35:31.622658 IP 10.10.10.2.isakmp > 10.10.10.1.isakmp: isakmp:
>>> phase
>>> 2/others ? inf[E]
>>> 10:35:31.623933 IP 10.10.10.1.isakmp > 10.10.10.2.isakmp: isakmp:
>>> phase
>>> 2/others ? inf[E]
>>> 10:35:32.492349 IP 10.10.10.2 > 10.10.10.1:
>>> ESP(spi=0x03081e58,seq=0x9aa), length 140
>>> 10:35:33.509346 IP 10.10.10.2 > 10.10.10.1:
>>> ESP(spi=0x03081e58,seq=0x9ab), length 140
>>> 10:35:34.527187 IP 10.10.10.2 > 10.10.10.1:
>>> ESP(spi=0x03081e58,seq=0x9ac), length 140
>>> 10:35:35.539600 IP 10.10.10.2 > 10.10.10.1:
>>> ESP(spi=0x03081e58,seq=0x9ad), length 140
>>>
>>> With r285535 all works fine.
>
>
> Right commit is in subject - r285336.
There were two IPsec related commits after 285336.
Either 285347 or 285526 could be the fix. If you're OK after those
two commits then the system is in correct working order.
Best,
George
More information about the freebsd-current
mailing list