Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 24 Jul 2015 14:38:39 -0700
From:      John-Mark Gurney <jmg@funkthat.com>
To:        Alexandr Krivulya <shuriku@shurik.kiev.ua>
Cc:        FreeBSD CURRENT <freebsd-current@freebsd.org>
Subject:   Re: IPSEC stop works after r285336
Message-ID:  <20150724213839.GP78154@funkthat.com>
In-Reply-To: <55B099F6.8000004@shurik.kiev.ua>
References:  <55B099F6.8000004@shurik.kiev.ua>

next in thread | previous in thread | raw e-mail | index | archive | help
Alexandr Krivulya wrote this message on Thu, Jul 23, 2015 at 10:38 +0300:
> I have IPSEC tunnel inside l2tp tunnel via mpd. After r285536 I see only
> outgoing esp packets on ng interface:

This change is -stable, not -current, but the change referenced below
is -current... Which one are you running?

Also, the only ipsec related change after r285535 is r285770, though
that probably won't effect it...  Could you possibly narrow the change
that broke things?

> root@thinkpad:/usr/src # tcpdump -i ng0
> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> listening on ng0, link-type NULL (BSD loopback), capture size 262144 bytes
> 10:35:27.331886 IP 10.10.10.2 > 10.10.10.1:
> ESP(spi=0x03081e58,seq=0x9a5), length 140
> 10:35:28.371707 IP 10.10.10.2 > 10.10.10.1:
> ESP(spi=0x03081e58,seq=0x9a6), length 140
> 10:35:29.443536 IP 10.10.10.2 > 10.10.10.1:
> ESP(spi=0x03081e58,seq=0x9a7), length 140
> 10:35:30.457370 IP 10.10.10.2 > 10.10.10.1:
> ESP(spi=0x03081e58,seq=0x9a8), length 140
> 10:35:31.475606 IP 10.10.10.2 > 10.10.10.1:
> ESP(spi=0x03081e58,seq=0x9a9), length 140
> 10:35:31.622315 IP 10.10.10.1.isakmp > 10.10.10.2.isakmp: isakmp: phase
> 2/others ? inf[E]
> 10:35:31.622544 IP 10.10.10.2.isakmp > 10.10.10.1.isakmp: isakmp: phase
> 2/others ? inf[E]
> 10:35:31.622658 IP 10.10.10.2.isakmp > 10.10.10.1.isakmp: isakmp: phase
> 2/others ? inf[E]
> 10:35:31.623933 IP 10.10.10.1.isakmp > 10.10.10.2.isakmp: isakmp: phase
> 2/others ? inf[E]
> 10:35:32.492349 IP 10.10.10.2 > 10.10.10.1:
> ESP(spi=0x03081e58,seq=0x9aa), length 140
> 10:35:33.509346 IP 10.10.10.2 > 10.10.10.1:
> ESP(spi=0x03081e58,seq=0x9ab), length 140
> 10:35:34.527187 IP 10.10.10.2 > 10.10.10.1:
> ESP(spi=0x03081e58,seq=0x9ac), length 140
> 10:35:35.539600 IP 10.10.10.2 > 10.10.10.1:
> ESP(spi=0x03081e58,seq=0x9ad), length 140
> 
> With r285535 all works fine.

-- 
  John-Mark Gurney				Voice: +1 415 225 5579

     "All that I will do, has been done, All that I have, has not."



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20150724213839.GP78154>