Date: Wed, 10 May 2000 18:27:11 -0700 (PDT)
From: Matthew Dillon <dillon@apollo.backplane.com>
To: hackers@FreeBSD.ORG
Subject: ipsec 'replay' syslog error messages after reboot of one host
Message-ID: <200005110127.SAA61600@apollo.backplane.com>
Anybody an ipsec guru? I've set up an ipsec transport between two hosts, A and B, on an insecure network; the setkey configuration file is included below.

It works fine until I reboot one host (A). After it has rebooted, any packets I send from A to B cause B to report 'replay packet' errors and no packets get through. I have to re-run setkey on B in order for things to work again.

The question is: What am I forgetting to do? Or is this a bug in our IPSEC implementation?
May 10 18:15:05 air /kernel: replay packet in IPv4 ESP input: packet(SPI=65537 src=192.168.254.28 dst=192.168.254.29) SA(SPI=65537 src=192.168.254.28 dst=192.168.254.29)
May 10 18:15:41 air /kernel: replay packet in IPv4 ESP input: packet(SPI=65537 src=192.168.254.28 dst=192.168.254.29) SA(SPI=65537 src=192.168.254.28 dst=192.168.254.29)
-Matt
Matthew Dillon
<dillon@backplane.com>
# Clear the security policy database and the security association database.
spdflush ;
flush ;

# Manually keyed ESP SA for A (192.168.254.28) -> B (192.168.254.29).
# SPI 0x10001 is decimal 65537, the SPI shown in the syslog lines above.
# des-cbc takes an 8-byte key, hmac-md5 a 16-byte key.
add 192.168.254.28 192.168.254.29
    esp 0x10001
    -E des-cbc "password"
    -A hmac-md5 "passwordpasswo!!" ;

# The same SA in the reverse direction, B -> A.
add 192.168.254.29 192.168.254.28
    esp 0x10001
    -E des-cbc "password"
    -A hmac-md5 "passwordpasswo!!" ;

# Policy: outbound traffic from A to B must be protected by ESP.
spdadd 192.168.254.28/32[any] 192.168.254.29/32[any] any
    -P out ipsec esp/tunnel/192.168.254.28-192.168.254.29/require ;
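An added example, not from the original post and not KAME or FreeBSD code: a model of the RFC 2401 sliding-window anti-replay check that an ESP receiver keeps per inbound SA. With manually keyed SAs such as the setkey entries above, a sender that reboots restarts its ESP sequence number at 1 while the peer's SA still holds the old high-water mark, which is one mechanism that produces exactly this "replay packet" symptom until the SA on B is re-created; the 64-bit window size, the class and function names, and the packet counts are assumptions.

```python
# Sliding-window anti-replay check in the style of RFC 2401 Appendix C.
# Constructed model of receiver-side SA state; not the kernel's implementation.

WINDOW = 64  # assumed replay window size in bits


class InboundSA:
    """Receiver state for one inbound SA: highest seq seen plus a bitmap."""

    def __init__(self, spi, window=WINDOW):
        self.spi = spi
        self.window = window
        self.last_seq = 0   # highest sequence number accepted so far
        self.bitmap = 0     # bit i set => (last_seq - i) already received

    def check_and_update(self, seq):
        """Return True and record seq if it is fresh, False if it is a replay."""
        if seq == 0:
            return False                        # seq 0 is never valid
        if seq > self.last_seq:                 # new high-water mark: slide window
            shift = seq - self.last_seq
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.window) - 1)
            self.last_seq = seq
            return True
        diff = self.last_seq - seq
        if diff >= self.window:                 # too old: fell out of the window
            return False
        if self.bitmap & (1 << diff):           # duplicate inside the window
            return False
        self.bitmap |= 1 << diff                # late but unseen: accept it
        return True


def simulate(before_reboot, after_reboot, flush_between=False):
    """Host A sends `before_reboot` packets, reboots (its counter restarts
    at 1), then sends `after_reboot` more.  Returns (accepted, rejected)
    counts for the post-reboot packets on host B, whose SA either keeps its
    state or is re-created with 'flush; add ...' (flush_between=True)."""
    sa = InboundSA(spi=0x10001)
    for seq in range(1, before_reboot + 1):
        sa.check_and_update(seq)
    if flush_between:
        sa = InboundSA(spi=0x10001)             # fresh SA: last_seq back to 0
    accepted = rejected = 0
    for seq in range(1, after_reboot + 1):      # A's counter restarted at 1
        if sa.check_and_update(seq):
            accepted += 1
        else:
            rejected += 1                       # B would log "replay packet"
    return accepted, rejected
```

With a long-lived SA every post-reboot packet is rejected; with a short-lived one only the sequence numbers up to the old high-water mark are, which is why the breakage depends on how much traffic the SA carried before the reboot.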