Date:      Tue, 26 Jun 2012 01:45:52 +0300
From:      mbsd <mbsd@isgroup.com.ua>
To:        freebsd-stable@freebsd.org
Subject:   Re: ipsec kernel panic
Message-ID:  <1340664352.5121.2.camel@localhost>
In-Reply-To: <20120625092751.GA4514@zeninc.net>
References:  <1340598865.1968.11.camel@localhost> <20120625092751.GA4514@zeninc.net>

Thank you for your advice.
Without ah it works perfectly.

On Mon, 2012-06-25 at 11:27 +0200, VANHULLEBUS Yvan wrote:
> 
> On Mon, Jun 25, 2012 at 07:34:25AM +0300, mbsd wrote:
> > Hi stable users.
> 
> Hi.
> 
> 
> > Like this good guy:
> > http://www.freebsd.org/cgi/query-pr.cgi?pr=159629&cat=
> > I'm a bad guy who also has a kernel panic.
> > Maybe it doesn't matter whether you are a good or a bad guy.
> > 
> > It happened the first time around FreeBSD 9 ~ beta 2 or three. I don't
> > remember exactly.
> > 
> > All I have is
> > 
> > $ cat /etc/ipsec.conf
> > add 192.168.0.2 192.168.0.1 esp 10022 -E blowfish-cbc "dododo";
> > add 192.168.0.1 192.168.0.2 esp 10020 -E blowfish-cbc dododo;
> > 
> > add 192.168.0.2 192.168.0.1 ah 10007 -A hmac-md5 "dododo";
> > add 192.168.0.1 192.168.0.2 ah 10006 -A hmac-md5 "dododo";
> > 
> > # for internet
> > spdadd 0.0.0.0/0 192.168.0.2 any -P in ipsec
> > esp/tunnel/192.168.0.1-192.168.0.2/require ah/transport//require;
> > spdadd 192.168.0.2 0.0.0.0/0 any -P out ipsec
> > esp/tunnel/192.168.0.2-192.168.0.1/require ah/transport//require;
> > 
> > After service ipsec start I always have kernel panic on stable.
> 
> This will *not* solve the crash, but do you really need such an IPsec
> configuration with both ESP/tunnel and AH/transport?
> 
> Most people who use such a configuration in fact just want ESP/Tunnel
> with payload authentication, which will be done by this:
> 
> 
> add 192.168.0.2 192.168.0.1 esp 10022 -E blowfish-cbc "dododo" -A hmac-md5 "dododo";
> add 192.168.0.1 192.168.0.2 esp 10020 -E blowfish-cbc dododo -A hmac-md5 "dododo";
> (if you do really use static SAs, please also consider moving to an
> IKE daemon...)
> 
> 
> spdadd 0.0.0.0/0 192.168.0.2 any -P in ipsec
>  esp/tunnel/192.168.0.1-192.168.0.2/require;
> spdadd 192.168.0.2 0.0.0.0/0 any -P out ipsec
>  esp/tunnel/192.168.0.2-192.168.0.1/require;
> 
> 
> If you do not really need AH, then you can move to this configuration,
> and confirm to us that you don't have the crash anymore.
> 
> Of course, as I already said, the issue will still be in the code....
> 
> 
> 
> Yvan.





Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1340664352.5121.2.camel>
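
The pattern discussed in this thread (ESP SAs without -A combined with a policy that stacks ah/transport on esp/tunnel) can be spotted mechanically. The following is an added example, not code from the thread or from FreeBSD; the function names are hypothetical, the sample is the configuration quoted above, and the parser assumes keys contain no '#' or ';'.

```python
import re

# Configuration as quoted in the thread (keys are the poster's placeholders).
ORIGINAL = '''
add 192.168.0.2 192.168.0.1 esp 10022 -E blowfish-cbc "dododo";
add 192.168.0.1 192.168.0.2 esp 10020 -E blowfish-cbc dododo;
add 192.168.0.2 192.168.0.1 ah 10007 -A hmac-md5 "dododo";
add 192.168.0.1 192.168.0.2 ah 10006 -A hmac-md5 "dododo";
# for internet
spdadd 0.0.0.0/0 192.168.0.2 any -P in ipsec
esp/tunnel/192.168.0.1-192.168.0.2/require ah/transport//require;
spdadd 192.168.0.2 0.0.0.0/0 any -P out ipsec
esp/tunnel/192.168.0.2-192.168.0.1/require ah/transport//require;
'''

def statements(text):
    """Yield each setkey statement as a token list: comments are dropped
    and wrapped lines are joined up to the terminating ';'."""
    body = re.sub(r"#.*", "", text)  # simplification: no '#' inside keys
    for stmt in body.split(";"):
        tokens = stmt.split()
        if tokens:
            yield tokens

def audit(text):
    """Return findings for ESP SAs lacking -A and for esp/tunnel policies
    that additionally require ah/transport."""
    findings = []
    for tok in statements(text):
        if tok[0] == "add" and len(tok) > 4 and tok[3] == "esp":
            if "-A" not in tok:
                findings.append(f"SA spi {tok[4]}: ESP without -A")
        elif tok[0] == "spdadd" and "ipsec" in tok and "-P" in tok:
            # Requests after 'ipsec' have the form protocol/mode/src-dst/level.
            reqs = [t.split("/") for t in tok[tok.index("ipsec") + 1:]]
            pairs = {(r[0], r[1]) for r in reqs if len(r) >= 2}
            if ("esp", "tunnel") in pairs and ("ah", "transport") in pairs:
                direction = tok[tok.index("-P") + 1]
                findings.append(f"policy {direction}: esp/tunnel + ah/transport")
    return findings

if __name__ == "__main__":
    for finding in audit(ORIGINAL):
        print(finding)
```

Run against the configuration suggested in the reply (ESP with -A, policy requiring only esp/tunnel), audit() returns no findings.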