Date:      Thu, 22 Feb 2018 13:08:33 +0400
From:      Misak Khachatryan <kmisak@gmail.com>
To:        Eugene Grosbein <eugen@grosbein.net>
Cc:        "Andrey V. Elsukov" <bu7cher@yandex.ru>, freebsd-net@freebsd.org
Subject:   Re: Racoon and setkey problems
Message-ID:  <CABfKv0=wV0_W2eWRkgcWKwwUxiNigR7NKXCdRyCSwVXhGrQKZw@mail.gmail.com>
In-Reply-To: <5A8E7642.2020509@grosbein.net>
References:  <CABfKv0mYX2ouQ1k6M2Bd90yp=eQXP6HcHL7%2BdE2AZQ9afQ%2Bc2g@mail.gmail.com> <5A8A97EC.4040103@grosbein.net> <CABfKv0ntGt6TCP7v9xa=MSSZqHwYbZtYtVd6s0gZ-Mbdu2qk5A@mail.gmail.com> <16e6d695-6961-bc17-6ff0-e2affcd5df3b@yandex.ru> <CABfKv0kvTLJjv7F6y7DTXxE-oXspOHTJti%2Bj0Ftqv5xVpqQQRQ@mail.gmail.com> <5A8BB836.2010501@grosbein.net> <5e13deb9-0d83-5f43-195c-f6797ed36a7b@yandex.ru> <CABfKv0mavVUqFsecAAa6-6RjzfBQ9qoGp7sUw8EEyXEkVQ5Onw@mail.gmail.com> <5A8E7642.2020509@grosbein.net>

That didn't help.

Best regards,
Misak Khachatryan


On Thu, Feb 22, 2018 at 11:50 AM, Eugene Grosbein <eugen@grosbein.net> wrote:
> On 22.02.2018 14:10, Misak Khachatryan wrote:
>> Hello there,
>>
>> just a quick feedback. I've added rules to my ipfw to block all isakmp
>> ports on interfaces not involved in ipsec and rebooted 3 of 4
>> machines. Situation returned to normal on them, but rebooting fourth
>> host is very painful. It seems I have some kind of massive ipsec
>> probes from botnet which fills all my SAD and SPD entries or PFKEY
>> sockets.
>>
>> All I need is to flush all SAD and SPD entries, but setkey can't do
>> that. Is there any other way?
>
> Try to increase sysctl kern.ipc.maxsockbuf up to some huge value like 80MB
> and re-try with setkey.
>


