[Bug 202667] ipsec broken on i386
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Wed Aug 26 08:37:57 UTC 2015
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=202667
Bug ID: 202667
Summary: ipsec broken on i386
Product: Base System
Version: 10.2-STABLE
Hardware: i386
OS: Any
Status: New
Severity: Affects Only Me
Priority: ---
Component: kern
Assignee: freebsd-bugs at FreeBSD.org
Reporter: emz at norma.perm.ru
I'm using NanoBSD for branch office routers, I have like dozens of these. I'm
using gre+ipsec to create a corporate VPN. After upgrade to r285595 ipsec
stopped working. Symptoms:
- SP are installed
- SA are installed (ipsec-tools are used)
- scheme is as follows:
(A, FreeBSD) <=========ipsec/gre========> (B, nanobsd)
B sends icmp via tunnel to A. A sees ipsec packets, successfully decrypts them
and replies. B sees ipsec packets (correct SPIs and stuff) but sees nothing on
the tunnel interface.
The most interesting part is that A also runs same release as B, but on amd64.
I've upgraded both systems to r286954, to resolve recent netstat issue, and,
since it was related to i386 and ipsec somehow, to see if that would help - it
didn't.
When I disable ipsec (flush the SA and SP's for that particular tunnel on A and
B) the tunnel begins to work.
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the freebsd-bugs
mailing list