ipsec/racoon broken
Simon L. Nielsen
simon at FreeBSD.org
Thu Jul 29 02:09:33 PDT 2004
On 2004.07.29 00:40:00 +0200, Michael Lestinsky wrote:
> for some time now my IPsec connection over my wireless network doesn't
> seem to work. I've enabled debugging in racoon (it's used on both ends
> of the connection) and get this in the log:
>
> 2004-07-29 00:37:56: DEBUG: oakley.c:436:oakley_compute_keymat(): KEYMAT computed.
> 2004-07-29 00:37:56: DEBUG: isakmp_quick.c:649:quick_i2send(): call pk_sendupdate
> 2004-07-29 00:37:56: DEBUG: algorithm.c:513:alg_ipsec_encdef(): encription(3des)
> 2004-07-29 00:37:56: DEBUG: algorithm.c:556:alg_ipsec_hmacdef(): hmac(hmac_sha1)
> 2004-07-29 00:37:56: DEBUG: pfkey.c:1061:pk_sendupdate(): call pfkey_send_update
> 2004-07-29 00:37:56: ERROR: pfkey.c:1076:pk_sendupdate(): libipsec failed send update (No buffer space available)

The line above is the problem...

> 2004-07-29 00:37:56: ERROR: isakmp_quick.c:651:quick_i2send(): pfkey update failed.
> 2004-07-29 00:37:56: ERROR: isakmp.c:750:quick_main(): failed to process packet.
> 2004-07-29 00:37:56: ERROR: isakmp.c:541:isakmp_main(): phase2 negotiation failed.
>
> Can someone help me here?

The problem is related to the mbuma change. A workaround I got from
Christian Brueffer is to add

    options MSIZE=512 # mbuf size in bytes

to your kernel configuration file. Bosko Milekic (mbuma author) is
aware of the problem, but I don't think he has found the problem (or if
it's even a mbuma bug and not a racoon bug that was just exposed by
mbuma).

--
Simon L. Nielsen
FreeBSD Documentation Team