Date:      Sun, 21 Dec 2003 20:18:01 -0800
From:      "Crist J. Clark" <cristjc@comcast.net>
To:        Nathan Kay <mcnate@numenor.net>
Cc:        current@freebsd.org
Subject:   Re: Possible IPsec Trouble in 5.2RC?
Message-ID:  <20031222041801.GA18856@blossom.cjclark.org>
In-Reply-To: <20031219143232.GA91798@numenor.net>
References:  <20031219064932.GA94971@blossom.cjclark.org> <20031219143232.GA91798@numenor.net>

On Fri, Dec 19, 2003 at 06:32:32AM -0800, Nathan Kay wrote:
> On Thu, Dec 18, 2003 at 10:49:32PM -0800, Crist J. Clark wrote:
> > IPsec does work, however. When I manually load up the SAD with
> > setkey(8), the ESP tunnel comes up and everything is fine.
> 
> 	Confirmed, IKE no longer works for my setup either, while manual
> keying does.
> 
> > I think the problem is that the IKE traffic, 500/udp, is not bypassing
> > the IPsec processing like it should.
> 
> 	That's what it looked like was going on in my setup as well.

A few others have seen the same problems with KAME IPsec in 5.2RC. One
person mentioned that the FAST_IPSEC implementation does not share the
bug. I switched over and things work fine with the same racoon
executable and configuration. This does look like a bug in the FreeBSD
KAME IPsec.
-- 
Crist J. Clark                     |     cjclark@alum.mit.edu
                                   |     cjclark@jhu.edu
http://people.freebsd.org/~cjc/    |     cjc@freebsd.org


