Date: Thu, 03 Aug 2017 11:02:41 +0000 From: bugzilla-noreply@freebsd.org To: freebsd-ports-bugs@FreeBSD.org Subject: [Bug 221091] security/ike: iked fails to run after FreeBSD 11.1 upgrade (socket set udp-encap non-ike option failed) Message-ID: <bug-221091-13-qYtEV7wupT@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-221091-13@https.bugs.freebsd.org/bugzilla/> References: <bug-221091-13@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D221091 --- Comment #4 from Andrey V. Elsukov <ae@FreeBSD.org> --- (In reply to Darryn Nicol from comment #3) > When I establish a tunnel I'm picking up an IP address on the remote LAN = via > DHCP. I can confirm this by checking the assigned IP on my tap0 device. B= ut > any attempt to use a network resource over the tunnel times out. I've > noticed that trying to display a route with 'route get <ip>', even to a > local lan address, takes about 44 seconds while connected to the tunnel, = but > less than a second when the tunnel is not established. Use '-n' flag to avoid name resolution. There are several things that can help with further debugging: 1. Look at the output of `netstat -rn` 2. Look at the output of `setkey -D` and `setkey -DP` 3. Use tcpdump on if_enc(4) interface to see what is going trough IPsec. 4. Check your firewall rules. --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-221091-13-qYtEV7wupT>