Date:      Thu, 02 Dec 2010 14:45:56 +0500
From:      "Eugene M. Zheganin" <emz@norma.perm.ru>
To:        freebsd-net@freebsd.org
Subject:   ah_input: packet replay failure
Message-ID:  <4CF76AD4.1010704@norma.perm.ru>

  Hi.


What does this message mean?
I'm getting a lot of those.

===Cut===
Dec 2 14:35:15 ural85-gw0-omega kernel: ah_input: packet replay failure: SA(SPI=3662816 src=10.50.116.6 dst=10.50.110.210)
===Cut===

I'm using FreeBSD as a security gateway:

FreeBSD A >======ipsec over gre===> FreeBSD B

A is 10.50.110.210
B is 10.50.116.6

A is an 8.1-RELEASE amd64 box, B is 8.0-RELEASE-p2 i386. A is not the 
only ipsec peer of B; B has a dozen other Cisco/FreeBSD peers. Keys 
are exchanged via the ipsec-tools racoon fork. However, I'm getting far 
fewer messages on B (and all of them are about A), for example:

===Cut===
Dec 2 14:35:09 wizard kernel: ah_input: packet replay failure: SA(SPI=136093282 src=10.50.110.210 dst=10.50.116.6)
===Cut===

And I'm getting no messages about other FreeBSD/Cisco hosts (and all of 
them are using IKE). All of the other FreeBSD boxes are i386.

I'm using ah+esp policy (can post it here if it's related).

All seems to be working fine, except those messages. I'm worried 
because the cause of those messages can be the cause of rarely 
encountered VoIP distortions, but to be honest, the messages occur much 
more frequently than the distortions and can be related to an overloaded 
channel, but still.

Thanks.
Eugene.
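
The kernel message quoted above is logged when an AH packet's sequence number fails the receiver's anti-replay check. As an added example (not part of the original e-mail and not FreeBSD's kernel code), here is a simplified model of the sliding-window check described in RFC 4302; the 32-packet window, the function names and the constructed arrival order are assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#define REPLAY_WINDOW 32u  /* assumed window size, in packets */

struct replay_state {
    uint32_t last_seq;  /* highest sequence number accepted so far */
    uint32_t bitmap;    /* bit i set => (last_seq - i) was already seen */
};
/* Constructed arrival order: a reordered packet (4), a duplicate (5),
 * a jump ahead (40), then late packets outside (6) and inside (39) the window. */
static const uint32_t constructed_arrivals[] = {1, 2, 3, 5, 4, 5, 40, 6, 39};

/* Returns 1 and records seq if acceptable, 0 on replay failure.
 * No extended sequence numbers or wraparound handling in this model. */
static int replay_check_update(struct replay_state *st, uint32_t seq)
{
    if (seq == 0)
        return 0;                      /* 0 is never a valid sequence number */
    if (seq > st->last_seq) {          /* new right edge: slide the window */
        uint32_t shift = seq - st->last_seq;
        st->bitmap = (shift < REPLAY_WINDOW) ? (st->bitmap << shift) | 1u : 1u;
        st->last_seq = seq;
        return 1;
    }
    uint32_t off = st->last_seq - seq;
    if (off >= REPLAY_WINDOW)
        return 0;                      /* older than the window: rejected */
    if (st->bitmap & (1u << off))
        return 0;                      /* already seen: true duplicate */
    st->bitmap |= 1u << off;           /* late but in-window: accepted once */
    return 1;
}

/* Feeds arrivals through a fresh SA state and returns the rejection count. */
static unsigned count_replay_failures(const uint32_t *seqs, size_t n)
{
    struct replay_state st = {0, 0};
    unsigned failures = 0;
    for (size_t i = 0; i < n; i++)
        if (!replay_check_update(&st, seqs[i]))
            failures++;
    return failures;
}

int main(void)
{
    size_t n = sizeof constructed_arrivals / sizeof constructed_arrivals[0];
    printf("replay failures: %u\n", count_replay_failures(constructed_arrivals, n));
    return 0;
}
```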


