Date: Thu, 29 Jul 2004 11:09:29 +0200 From: "Simon L. Nielsen" <simon@FreeBSD.org> To: Michael Lestinsky <michael@lestinsky.de> Cc: freebsd-current@freebsd.org Subject: Re: ipsec/racoon broken Message-ID: <20040729090928.GC92949@eddie.nitro.dk> In-Reply-To: <20040728224000.GA6887@zaphod.lestinsky.de> References: <20040728224000.GA6887@zaphod.lestinsky.de>
next in thread | previous in thread | raw e-mail | index | archive | help
--B4IIlcmfBL/1gGOG Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On 2004.07.29 00:40:00 +0200, Michael Lestinsky wrote: > for some time now my IPsec connection over my wireless network doesn't > seem to work. I've enabled debugging in racoon (it's used on both ends > of the connection) and get this in the log: >=20 > 2004-07-29 00:37:56: DEBUG: oakley.c:436:oakley_compute_keymat(): KEYMAT = computed. > 2004-07-29 00:37:56: DEBUG: isakmp_quick.c:649:quick_i2send(): call pk_se= ndupdate > 2004-07-29 00:37:56: DEBUG: algorithm.c:513:alg_ipsec_encdef(): encriptio= n(3des) > 2004-07-29 00:37:56: DEBUG: algorithm.c:556:alg_ipsec_hmacdef(): hmac(hma= c_sha1) > 2004-07-29 00:37:56: DEBUG: pfkey.c:1061:pk_sendupdate(): call pfkey_send= _update > 2004-07-29 00:37:56: ERROR: pfkey.c:1076:pk_sendupdate(): libipsec failed= send update (No buffer space available) The line above is the problem... > 2004-07-29 00:37:56: ERROR: isakmp_quick.c:651:quick_i2send(): pfkey upda= te failed. > 2004-07-29 00:37:56: ERROR: isakmp.c:750:quick_main(): failed to process = packet. > 2004-07-29 00:37:56: ERROR: isakmp.c:541:isakmp_main(): phase2 negotiatio= n failed. >=20 > Can someone help me here? The problem is related to the mbuma change.. A workaround I got from Christian Brueffer is to add options MSIZE=3D512 # mbuf size in bytes to your kernel configuration file. Bosko Milekic (mbuma author) is aware of the problem, but I don't think he has found the problem (or if it's even a mbuma bug and not a racoon bug that was just exposed by mbuma). --=20 Simon L. Nielsen FreeBSD Documentation Team --B4IIlcmfBL/1gGOG Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (FreeBSD) iD8DBQFBCL7Ih9pcDSc1mlERAhAJAKCZgMaqdYoIE11XfkFbQNBAIy1uiACeL4Y+ 5G2XizPc4JmyVGo6+M/2jOI= =sXWG -----END PGP SIGNATURE----- --B4IIlcmfBL/1gGOG--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040729090928.GC92949>