5.3 IPSEC broken
Robert Watson
rwatson at freebsd.org
Fri Sep 24 19:59:21 PDT 2004
On Sat, 25 Sep 2004, Hannes Mehnert wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On Fri, Sep 24, 2004 at 04:52:48PM -0700, Kris Kennaway wrote:
> > On Sat, Sep 25, 2004 at 01:43:32AM +0200, Hannes Mehnert wrote:
> > > in 5.3-BETA5 IPSec is broken.
> >
> > Please provide more details.
>
> As described in
> http://lists.freebsd.org/pipermail/freebsd-current/2004-June/028442.html
> http://lists.freebsd.org/pipermail/freebsd-current/2004-August/033554.html
> the mbuma commit broke IPSec (ENOBUF) with default MSIZE (256). Setting
> it to 512 is a workaround, maybe someone more in FreeBSD kernel hacking
> should look at the problem.
I'd like to take a look at this sometime in the next few days. Could you
send me an appropriately censored version of your racoon configuration for
each endpoint that I can use as a starting point?
Robert N M Watson FreeBSD Core Team, TrustedBSD Projects
robert at fledge.watson.org Principal Research Scientist, McAfee Research
More information about the freebsd-current
mailing list