From owner-freebsd-net@FreeBSD.ORG Tue Dec 30 14:25:09 2008 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 31D73106564A for ; Tue, 30 Dec 2008 14:25:09 +0000 (UTC) (envelope-from bzeeb-lists@lists.zabbadoz.net) Received: from mail.cksoft.de (mail.cksoft.de [62.111.66.27]) by mx1.freebsd.org (Postfix) with ESMTP id D85708FC16 for ; Tue, 30 Dec 2008 14:25:07 +0000 (UTC) (envelope-from bzeeb-lists@lists.zabbadoz.net) Received: from localhost (amavis.str.cksoft.de [192.168.74.71]) by mail.cksoft.de (Postfix) with ESMTP id 2BE3E41C7BF; Tue, 30 Dec 2008 15:25:06 +0100 (CET) X-Virus-Scanned: amavisd-new at cksoft.de Received: from mail.cksoft.de ([62.111.66.27]) by localhost (amavis.str.cksoft.de [192.168.74.71]) (amavisd-new, port 10024) with ESMTP id WPvuLstgtsPh; Tue, 30 Dec 2008 15:25:05 +0100 (CET) Received: by mail.cksoft.de (Postfix, from userid 66) id B867841C7B7; Tue, 30 Dec 2008 15:25:05 +0100 (CET) Received: from maildrop.int.zabbadoz.net (maildrop.int.zabbadoz.net [10.111.66.10]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.int.zabbadoz.net (Postfix) with ESMTP id B2A1C4448D5; Tue, 30 Dec 2008 14:24:02 +0000 (UTC) Date: Tue, 30 Dec 2008 14:24:02 +0000 (UTC) From: "Bjoern A. Zeeb" X-X-Sender: bz@maildrop.int.zabbadoz.net To: Gabe In-Reply-To: <258438.24300.qm@web83813.mail.sp1.yahoo.com> Message-ID: <20081230115445.A28465@maildrop.int.zabbadoz.net> References: <258438.24300.qm@web83813.mail.sp1.yahoo.com> X-OpenPGP-Key: 0x14003F198FEFA3E77207EE8D2B58B8F83CCF1842 MIME-Version: 1.0 Content-Type: MULTIPART/MIXED; BOUNDARY="0-281300904-1230643331=:28465" Content-ID: <20081230132214.U28465@maildrop.int.zabbadoz.net> Cc: freebsd-net@freebsd.org Subject: Re: +ipsec_common_input: no key association found for SA X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 30 Dec 2008 14:25:09 -0000 This message is in MIME format. The first part should be readable text, while the remaining parts are likely unreadable without MIME-aware tools. --0-281300904-1230643331=:28465 Content-Type: TEXT/PLAIN; CHARSET=US-ASCII; FORMAT=flowed Content-ID: <20081230132214.Q28465@maildrop.int.zabbadoz.net> On Tue, 30 Dec 2008, Gabe wrote: >> One more thing; if you are comparing SPIs from the log with setkey, >> you can also run >> tcpdump -s 0 -vv -ln proto 50 >> and it will show you something like >> ... ESP(spi=0x12345678,seq=0x..), >> so you could as well compare what you receive on the wire with what >> you get in the log. This would help to eliminiate the case of a >> promblematic patch. > > However I still get the ipsec_common message albeit not as often, it > appears to only be when I restart racoon now. I also tried matching the > SPIs but the SPIs given by setkey -Da did not match the ones on the log. Ok, can you try running the following script and see if the output times match your racoon restarts or the log entries? You need to set your interface and the tunnel endpoint IPs (as in box/box2). /bz -- Bjoern A. Zeeb The greatest risk is not taking one. --0-281300904-1230643331=:28465 Content-Type: TEXT/PLAIN; CHARSET=US-ASCII; NAME=track-spi.sh Content-Transfer-Encoding: BASE64 Content-ID: <20081230132211.P28465@maildrop.int.zabbadoz.net> Content-Description: track-spi.sh Content-Disposition: ATTACHMENT; FILENAME=track-spi.sh IyEvYmluL3NoDQoNCklOVD1YWFgNClJFTU9URVRVTk5FTEVORFBPSU5UPWFh YS5iYmIuY2NjLmRkZA0KTVlUVU5ORUxFTkRQT0lOVD13d3cueHh4Lnl5eS56 enoNCg0KdGNwZHVtcCAtbG4gLWkgJHtJTlR9IC1zMCBzcmMgJHtSRU1PVEVU VU5ORUxFTkRQT0lOVH0gYW5kIGRzdCAke01ZVFVOTkVMRU5EUE9JTlR9IGFu ZCBwcm90byA1MCB8IFwNCglhd2sgJ0JFR0lOIHsgZGVidWc9MTsgc3BpPSJ1 bmluaXRpYWxpemVkIjsgfQ0KCQl7DQoJCQlpZiAoIS9FU1Auc3BpPS8pIHsg bmV4dDsgfQ0KCQkJc3ViKCJFU1Auc3BpPSIsICIiLCAkNik7DQoJCQlzdWIo IiwuKiIsICIiLCAkNik7DQoJCQlpZiAoJDYgPT0gIiIpIHsgaWYgKGRlYnVn KSB7IHByaW50ZiAiREVCVUc6ICVzXG4iLCAkMDsgfSBuZXh0OyB9DQoJCQlp ZiAoc3BpICE9ICQ2KSB7DQoJCQkJcHJpbnRmICIlcyBTUEkgY2hhbmdlZCAl cyAtPiAlc1xuIiwgJDEsIHNwaSwgJDY7DQoJCQkJc3BpPSQ2Ow0KCQkJfQ0K CQl9Jw0KDQojIGVuZA0K --0-281300904-1230643331=:28465--