Date: Tue, 30 Dec 2008 23:56:16 -0800 (PST)
From: Gabe <nrml@att.net>
To: "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net>
Cc: freebsd-net@freebsd.org
Subject: Re: +ipsec_common_input: no key association found for SA
Message-ID: <480896.12029.qm@web83811.mail.sp1.yahoo.com>
In-Reply-To: <20081230115445.A28465@maildrop.int.zabbadoz.net>

> From: Bjoern A. Zeeb <bzeeb-lists@lists.zabbadoz.net>
> Subject: Re: +ipsec_common_input: no key association found for SA
> To: "Gabe" <nrml@att.net>
> Cc: freebsd-net@freebsd.org
> Date: Tuesday, December 30, 2008, 6:24 AM
> On Tue, 30 Dec 2008, Gabe wrote:
>
> >> One more thing; if you are comparing SPIs from the log with setkey,
> >> you can also run
> >> tcpdump -s 0 -vv -ln proto 50
> >> and it will show you something like
> >> ... ESP(spi=0x12345678,seq=0x..),
> >> so you could as well compare what you receive on the wire with what
> >> you get in the log. This would help to eliminate the case of a
> >> problematic patch.
> >
> > However I still get the ipsec_common message albeit not as often, it
> > appears to only be when I restart racoon now. I also tried matching the
> > SPIs but the SPIs given by setkey -Da did not match the ones on the log.
>
> Ok, can you try running the following script and see if the output
> times match your racoon restarts or the log entries?
>
> You need to set your interface and the tunnel endpoint IPs
> (as in box/box2).
>
> /bz

I restarted racoon and cleared out the keys then I ran the script which returned:

on BOX:

tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on em1, link-type EN10MB (Ethernet), capture size 65535 bytes
23:51:13.032336 SPI changed uninitialized -> 0x0878469a
23:51:13.063318 SPI changed 0x0878469a -> 0x091b7ada
^C1154 packets captured
1597 packets received by filter
0 packets dropped by kernel

on BOX2:

tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on em1, link-type EN10MB (Ethernet), capture size 65535 bytes
23:53:43.594785 SPI changed uninitialized -> 0x01d66237
^C2404 packets captured
9701 packets received by filter
0 packets dropped by kernel

box and box2 are the local and end point respectively.

/gabe
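
Added example, not part of this thread and not the script referred to above (the archive page does not include it): one way to do the comparison the thread discusses, reporting each SPI change seen on the wire and flagging SPIs that have no SA in `setkey -D` output. It assumes non-verbose single-line `tcpdump -ln proto 50` output and the `spi=<decimal>(<hex>)` field of `setkey -D`; the function names, addresses and SPI values are constructed for illustration.

```python
import re

# One ESP packet as printed by non-verbose `tcpdump -ln proto 50` (assumed format).
ESP_RE = re.compile(r"^(\S+) IP6? (\S+) > (\S+): ESP\(spi=(0x[0-9a-fA-F]+),seq=")
# SA header field in `setkey -D` output: spi=<decimal>(<hex>)
SA_RE = re.compile(r"\bspi=\d+\((0x[0-9a-fA-F]+)\)")

# Constructed sample capture (documentation addresses, made-up SPIs).
WIRE_SAMPLE = """\
23:51:13.032336 IP 192.0.2.1 > 198.51.100.2: ESP(spi=0x0a0b0c0d,seq=0x1), length 116
23:51:13.040000 IP 192.0.2.1 > 198.51.100.2: ESP(spi=0x0a0b0c0d,seq=0x2), length 116
23:51:13.063318 IP 192.0.2.1 > 198.51.100.2: ESP(spi=0x0deadbee,seq=0x1), length 116
23:51:14.000000 IP 198.51.100.2 > 192.0.2.1: ESP(spi=0x0a0b0c0e,seq=0x1), length 116
""".splitlines()

# Constructed sample of `setkey -D` output; only the spi= fields are parsed.
SAD_SAMPLE = """\
192.0.2.1 198.51.100.2
\tesp mode=tunnel spi=168496141(0x0a0b0c0d) reqid=0(0x00000000)
198.51.100.2 192.0.2.1
\tesp mode=tunnel spi=168496142(0x0a0b0c0e) reqid=0(0x00000000)
"""

def sad_spis(setkey_output):
    """Return the SPIs of all SAs listed in `setkey -D` style output."""
    return {int(m.group(1), 16) for m in SA_RE.finditer(setkey_output)}

def spi_changes(tcpdump_lines):
    """Yield (time, src, dst, old_spi, new_spi) when a direction's SPI changes."""
    last = {}  # (src, dst) -> last SPI seen; old_spi is None for the first packet
    for line in tcpdump_lines:
        m = ESP_RE.match(line)
        if not m:
            continue  # banner lines, non-ESP traffic, truncated output
        ts, src, dst, spi = m.group(1), m.group(2), m.group(3), int(m.group(4), 16)
        old = last.get((src, dst))
        if old != spi:
            last[(src, dst)] = spi
            yield ts, src, dst, old, spi

def unknown_spis(tcpdump_lines, setkey_output):
    """Return (time, dst, spi) for each new on-wire SPI that has no SA in the SAD dump."""
    known = sad_spis(setkey_output)
    return [(ts, dst, new) for ts, _s, dst, _o, new in spi_changes(tcpdump_lines)
            if new not in known]

if __name__ == "__main__":
    for ts, dst, spi in unknown_spis(WIRE_SAMPLE, SAD_SAMPLE):
        print(f"{ts} no SA for spi=0x{spi:08x} towards {dst}")
```
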