[Bug 202667] ipsec broken on i386

[bugzilla-noreply at freebsd.org]

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=202667

            Bug ID: 202667
           Summary: ipsec broken on i386
           Product: Base System
           Version: 10.2-STABLE
          Hardware: i386
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: kern
          Assignee: freebsd-bugs at FreeBSD.org
          Reporter: emz at norma.perm.ru

I'm using NanoBSD for branch office routers, I have like dozens of these. I'm
using gre+ipsec to create a corporate VPN. After upgrade to r285595 ipsec
stopped working. Symptoms:

- SP are installed
- SA are installed (ipsec-tools are used)
- scheme is as follows:

(A, FreeBSD) <=========ipsec/gre========> (B, nanobsd)

B sends icmp via tunnel to A. A sees ipsec packets, successfully decrypts them
and replies. B sees ipsec packets (correct SPIs and stuff) but sees nothing on
the tunnel interface.

The most interesting part is that A also runs same release as B, but on amd64.
I've upgraded both systems to r286954, to resolve recent netstat issue, and,
since it was related to i386 and ipsec somehow, to see if that would help - it
didn't.

When I disable ipsec (flush the SA and SP's for that particular tunnel on A and
B) the tunnel begins to work.

-- 
You are receiving this mail because:
You are the assignee for the bug.