From owner-freebsd-net@FreeBSD.ORG Wed Dec 11 06:23:50 2013 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id BE9E5AFF for ; Wed, 11 Dec 2013 06:23:50 +0000 (UTC) Received: from elf.hq.norma.perm.ru (mail.norma.perm.ru [128.127.144.4]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id 358151AF7 for ; Wed, 11 Dec 2013 06:23:49 +0000 (UTC) Received: from bsdrookie.norma.com. (bsdrookie.norma.com [192.168.7.71]) by elf.hq.norma.perm.ru (8.14.5/8.14.5) with ESMTP id rBB6NN8k044256 (version=TLSv1/SSLv3 cipher=DHE-RSA-CAMELLIA256-SHA bits=256 verify=NO) for ; Wed, 11 Dec 2013 12:23:24 +0600 (YEKT) (envelope-from emz@norma.perm.ru) Message-ID: <52A804DB.8060402@norma.perm.ru> Date: Wed, 11 Dec 2013 12:23:23 +0600 From: "Eugene M. Zheganin" User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:17.0) Gecko/20130709 Thunderbird/17.0.6 MIME-Version: 1.0 To: freebsd-net@freebsd.org Subject: ipsec: a weird guess Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.2.7 (elf.hq.norma.perm.ru [192.168.3.10]); Wed, 11 Dec 2013 12:23:24 +0600 (YEKT) X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 11 Dec 2013 06:23:50 -0000 Hi. I have two CARP'ed routers servicing gre/ipsec tunnels to another FreeBSD/i386, running 8.2-STABLE (since November 2011). 22 days ago I upgraded their ipsec peer to FreeBSD 10.0-BETA1/amd64. Two days ago I upgraded one of their DNS (yeah, it gets weirder) peers from 10.0-CURRENT/amd64 (March 2013) to 10.0-BETA1/amd64. And (finally) yesterday I started getting "panic: double fault" on both target routers. Like 4-5 minutes from start. One goes down, another get in, and goes down too. I know that technical mailing lists get a lots of crazy e-mails, and this sounds like another one, but in the past I was reporting at least two major ipsec issues (and they were fixed), so I'm not that crazy. These double faults are repeatable on both routers (they boot in and go down), first I thought that may be they both got a power outage, and bgfsck is causing panic, and so on - but panics stopped when I switched off ipsec and let the clear gre run. Now they are working. I upgraded one to 9.2-RELEASE-p2/i386, but this didn't help (same double fault). Is it worth reporting ? Double fault panic is similar to ones that can be found in google (only these rocket science numbers are different). I'm pretty sure it will go away after upgrading to 10.0/amd64. If someone would tell me that story I'd say "it's crazy and impossible" too. Thanks. Eugene.