From: Gabe
To: "Bjoern A. Zeeb"
Cc: freebsd-net@freebsd.org
Date: Sun, 4 Jan 2009 02:23:26 -0800 (PST)
Subject: Re: +ipsec_common_input: no key association found for SA

> From: Gabe
> Subject: Re: +ipsec_common_input: no key association found for SA
> To: "Bjoern A. Zeeb"
> Cc: freebsd-net@freebsd.org
> Date: Tuesday, December 30, 2008, 11:56 PM
>
> > From: Bjoern A. Zeeb
> > Subject: Re: +ipsec_common_input: no key association found for SA
> > To: "Gabe"
> > Cc: freebsd-net@freebsd.org
> > Date: Tuesday, December 30, 2008, 6:24 AM
> >
> > On Tue, 30 Dec 2008, Gabe wrote:
> >
> > >> One more thing; if you are comparing SPIs from the log with setkey,
> > >> you can also run
> > >> tcpdump -s 0 -vv -ln proto 50
> > >> and it will show you something like
> > >> ... ESP(spi=0x12345678,seq=0x..),
> > >> so you could as well compare what you receive on the wire with what
> > >> you get in the log. This would help to eliminate the case of a
> > >> problematic patch.
> > >
> > > However I still get the ipsec_common message albeit not as often, it
> > > appears to only be when I restart racoon now. I also tried matching the
> > > SPIs but the SPIs given by setkey -Da did not match the ones on the log.
> >
> > Ok, can you try running the following script and see if the output
> > times match your racoon restarts or the log entries?
> >
> > You need to set your interface and the tunnel endpoint IPs
> > (as in box/box2).
> >
> > /bz
>
> I restarted racoon and cleared out the keys then I ran the
> script which returned:
>
> on BOX:
> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> listening on em1, link-type EN10MB (Ethernet), capture size 65535 bytes
> 23:51:13.032336 SPI changed uninitialized -> 0x0878469a
> 23:51:13.063318 SPI changed 0x0878469a -> 0x091b7ada
> ^C1154 packets captured
> 1597 packets received by filter
> 0 packets dropped by kernel
>
> on BOX2:
> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> listening on em1, link-type EN10MB (Ethernet), capture size 65535 bytes
> 23:53:43.594785 SPI changed uninitialized -> 0x01d66237
> ^C2404 packets captured
> 9701 packets received by filter
> 0 packets dropped by kernel
>
> box and box2 are the local and end point respectively.
>
> /gabe

I'm still unable to find the cause for this. Does anyone know what the above output is referring to?

Thanks,
/gabe
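
Added example, not part of the thread and not the script Bjoern sent: a Python sketch of the comparison suggested in the quoted reply, tracking the ESP SPI seen on the wire per direction and flagging inbound SPIs that have no SA in `setkey -D` output. The function names, the non-verbose `tcpdump -ln proto 50` line format, the addresses and the SPIs are assumptions constructed for illustration.

```python
import re

# Assumed input formats (the constructed samples below follow them):
#   tcpdump -ln proto 50 : "<time> IP <src> > <dst>: ESP(spi=0x...,seq=0x...), length N"
#   setkey -D            : "esp mode=tunnel spi=<decimal>(0x<hex>) reqid=..."
ESP_RE = re.compile(r"^(\S+) IP6? (\S+) > (\S+): ESP\(spi=(0x[0-9a-fA-F]+),seq=")
SA_RE = re.compile(r"\bspi=\d+\((0x[0-9a-fA-F]+)\)")

def installed_spis(setkey_output):
    """SPIs of every SA currently in the SAD, as integers."""
    return {int(m.group(1), 16) for m in SA_RE.finditer(setkey_output)}

def spi_changes(tcpdump_lines):
    """List (time, src, dst, old_spi, new_spi) per SPI switch; old_spi is None at first sight."""
    last, changes = {}, []
    for line in tcpdump_lines:
        m = ESP_RE.match(line.strip())
        if not m:
            continue  # not an ESP packet line
        ts, src, dst, spi = m.group(1), m.group(2), m.group(3), int(m.group(4), 16)
        if last.get((src, dst)) != spi:
            changes.append((ts, src, dst, last.get((src, dst)), spi))
            last[(src, dst)] = spi
    return changes

def unknown_inbound_spis(tcpdump_lines, setkey_output, local_ip):
    """Inbound SPIs with no SA installed: the packets ipsec_common_input
    rejects with "no key association found for SA"."""
    known = installed_spis(setkey_output)
    return sorted({new for _, _, dst, _, new in spi_changes(tcpdump_lines)
                   if dst == local_ip and new not in known})

# Constructed sample data (documentation addresses, made-up SPIs).
SETKEY = """192.0.2.2 192.0.2.1
\tesp mode=tunnel spi=178913281(0x0aaa0001) reqid=0(0x00000000)
192.0.2.1 192.0.2.2
\tesp mode=tunnel spi=196804609(0x0bbb0001) reqid=0(0x00000000)
"""
CAPTURE = [
    "12:00:00.000100 IP 192.0.2.2 > 192.0.2.1: ESP(spi=0x0aaa0001,seq=0x1), length 116",
    "12:00:00.031000 IP 192.0.2.1 > 192.0.2.2: ESP(spi=0x0bbb0001,seq=0x1), length 116",
    "12:00:01.100000 IP 192.0.2.2 > 192.0.2.1: ESP(spi=0x0aaa0001,seq=0x2), length 116",
    "12:01:30.500000 IP 192.0.2.2 > 192.0.2.1: ESP(spi=0x0ccc0002,seq=0x1), length 116",
]

if __name__ == "__main__":
    for ts, src, dst, old, new in spi_changes(CAPTURE):
        print(ts, src, ">", dst, "SPI changed", old and hex(old), "->", hex(new))
    print("no SA for inbound:", [hex(s) for s in unknown_inbound_spis(CAPTURE, SETKEY, "192.0.2.1")])
```

The kernel looks up an inbound SA by destination address and protocol as well as SPI; this sketch compares the SPI only, which is enough to line up capture timestamps with racoon restarts and log entries.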