route based ipsec
Peter Blok
pblok at bsd4all.org
Thu May 9 11:41:51 UTC 2019
I have tried certificates in the past, but racoon never worked stable enough. Didn’t crash on me though.
I have moved over to Strongswan and never regretted this move. Very stable.
Peter
> On 8 May 2019, at 03:29, Eugene Grosbein <eugen at grosbein.net> wrote:
>
> 08.05.2019 3:23, KOT MATPOCKuH wrote:
>
>> I'm misunderstand what in my configuration can result core dumps a running
>> daemon...
>> I'm attached a sample racoon.conf. Can You check for possible problems?
>> Also on one host I got a crash in another function:
>> (gdb) bt
>> #0 0x000000000024717f in privsep_init ()
>> #1 0x00000000002375f4 in inscontacted ()
>> #2 0x00000000002337d0 in isakmp_plist_set_all ()
>> #3 0x000000000023210d in isakmp_ph2expire ()
>> #4 0x000000000023162a in isakmp_ph1delete ()
>> #5 0x000000000023110b in isakmp_ph2resend ()
>> #6 0x00000008002aa000 in ?? ()
>> #7 0x0000000000000000 in ?? ()
>
> I guess configuration using certificates is not tested enough.
> It works stable for me but I use psk only.
>
> You need to fix code yourself or stop using racoon with certificates.
>
> _______________________________________________
> freebsd-stable at freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-stable
> To unsubscribe, send any mail to "freebsd-stable-unsubscribe at freebsd.org"
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2348 bytes
Desc: not available
URL: <http://lists.freebsd.org/pipermail/freebsd-stable/attachments/20190509/de4eb8d4/attachment.bin>
More information about the freebsd-stable
mailing list