IPSEC/racoon tunnel 9.2 vs 10.0

Matt Lager matt at soliddataservices.com
Mon Apr 7 21:38:08 UTC 2014

I have used IPSEC tunnels with racoon to establish point-to-point VPN connections for a long time, with great success. I recently decided to upgrade one of my endpoints to 10.0-RELEASE from 9.2-RELEASE-p3. I didn't do an upgrade but did a fresh installation of 10.0-RELEASE, and applied the identical VPN configuration that was working in 9.2-RELEASE-p3. The tunnels came up fine, setkey -D showed that keys had been generated, and connectivity appeared to be working at first glance. I then started to work as normal through my VPN with things like RDP, SQL Server, and other protocols, where I found that connectivity started and then came to a dead halt (not ICMP, which always works fine). I did another fresh install of 9.2-RELEASE-p3, applied the config, and everything worked as expected.

I've read a lot about MTUs and fragmented traffic, but I'm trying to figure out where I should be looking to fix things up. Something obviously changed. I do use PF, and I know PF underwent some big changes, so maybe it's a PF problem, but I thought I'd post here first. I'm using the same PF config on the 10.0 system as I did on the 9.2, of course making sure interfaces were all named properly and whatnot.

Any advice would be appreciated. Thanks!
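The symptom described in the post (small ICMP echoes pass, bulk TCP such as RDP or SQL Server stalls) is the classic signature of a path-MTU problem through an encapsulating tunnel, which is why the poster mentions MTUs and fragmentation. The following calculator is an added illustration, not code from the post or from racoon/setkey: it shows how much ESP tunnel mode adds to an inner packet and therefore what inner MTU and TCP MSS still fit a 1500-byte link. Header sizes follow RFC 4303; the cipher and integrity parameters (16-byte IV and block size for AES-CBC, 12-byte ICV for HMAC-SHA1-96) are assumptions chosen for illustration and should be replaced with whatever the SAs shown by `setkey -D` actually negotiate.

```python
"""ESP tunnel-mode overhead calculator (added example, not from the original
mailing-list post). It shows why a default-size ping fits through an IPsec
tunnel while a full-size TCP segment does not once ESP encapsulation is added
on top of a 1500-byte link MTU, and what MSS would avoid the problem."""

# Fixed sizes from RFC 4303 (ESP) and RFC 791 (IPv4 header without options).
ESP_HEADER = 8          # SPI (4) + sequence number (4)
OUTER_IPV4_HEADER = 20  # tunnel mode prepends a fresh outer IPv4 header
ESP_TRAILER = 2         # pad length (1) + next header (1)


def esp_tunnel_overhead(inner_len, iv_len=16, block_size=16, icv_len=12):
    """Bytes added when an inner IPv4 packet of inner_len bytes is wrapped in
    ESP tunnel mode. Padding brings (inner + trailer) up to a multiple of the
    cipher block size, so the overhead is not a constant.

    Defaults assume AES-CBC (16-byte IV and block) with HMAC-SHA1-96
    (12-byte ICV); these are illustrative assumptions, not values from the post.
    """
    unpadded = inner_len + ESP_TRAILER
    pad = (-unpadded) % block_size
    return OUTER_IPV4_HEADER + ESP_HEADER + iv_len + pad + ESP_TRAILER + icv_len


def outer_packet_size(inner_len, **kw):
    """Size on the wire of the encapsulated packet."""
    return inner_len + esp_tunnel_overhead(inner_len, **kw)


def fits_link_mtu(inner_len, link_mtu=1500, **kw):
    """True if the encapsulated packet needs no fragmentation on the link."""
    return outer_packet_size(inner_len, **kw) <= link_mtu


def safe_inner_mtu(link_mtu=1500, **kw):
    """Largest inner packet whose ESP encapsulation still fits the link MTU.
    A downward scan is used because padding makes the relation non-linear."""
    for inner in range(link_mtu, 0, -1):
        if fits_link_mtu(inner, link_mtu, **kw):
            return inner
    return 0


def safe_tcp_mss(link_mtu=1500, **kw):
    """TCP MSS that avoids post-encapsulation fragmentation: the safe inner
    MTU minus the inner IPv4 (20) and TCP (20) headers. This is the kind of
    value a pf 'scrub ... max-mss' rule would clamp to on the tunnel."""
    return safe_inner_mtu(link_mtu, **kw) - 40


if __name__ == "__main__":
    # A default ping carries 56 data bytes + 8 ICMP + 20 IP = 84 bytes: fits.
    print("ping (84 B inner):", outer_packet_size(84), fits_link_mtu(84))
    # A full 1500-byte TCP segment does not fit; with DF set it is dropped
    # unless the sender learns the smaller path MTU via ICMP.
    print("tcp (1500 B inner):", outer_packet_size(1500), fits_link_mtu(1500))
    print("safe inner MTU:", safe_inner_mtu())
    print("safe TCP MSS:", safe_tcp_mss())
```

With the assumed parameters an 84-byte ping becomes 152 bytes on the wire, while a 1500-byte TCP segment becomes 1560 bytes and cannot cross a 1500-byte link intact; the largest inner packet that fits is 1438 bytes, giving an MSS of 1398. If a packet filter between the endpoints drops the ICMP "fragmentation needed" messages that would tell the sender to shrink its segments, bulk TCP stalls exactly as described while pings keep working, so confirming that those ICMP messages are permitted, or clamping the MSS on the tunnel, is the first check to make.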
