Date: Wed, 10 May 2000 18:27:11 -0700 (PDT) From: Matthew Dillon <dillon@apollo.backplane.com> To: hackers@FreeBSD.ORG Subject: ipsec 'replay' syslog error messages after reboot of one host Message-ID: <200005110127.SAA61600@apollo.backplane.com>
Anybody an ipsec guru? I've set up an ipsec transport between two hosts, A and B, on an unsecure network; the setkey configuration file is included below. It works fine until I reboot one host (A). After it has rebooted, any packets I send from A to B cause B to report 'replay packet' errors, and no packets get through. I have to re-run setkey on B in order for things to work again.

The question is: What am I forgetting to do? Or is this a bug in our IPSEC implementation?

May 10 18:15:05 air /kernel: replay packet in IPv4 ESP input: packet(SPI=65537 src=192.168.254.28 dst=192.168.254.29) SA(SPI=65537 src=192.168.254.28 dst=192.168.254.29)
May 10 18:15:41 air /kernel: replay packet in IPv4 ESP input: packet(SPI=65537 src=192.168.254.28 dst=192.168.254.29) SA(SPI=65537 src=192.168.254.28 dst=192.168.254.29)

-Matt
Matthew Dillon
<dillon@backplane.com>

spdflush ;
flush ;
add 192.168.254.28 192.168.254.29 esp 0x10001 -E des-cbc "password" -A hmac-md5 "passwordpasswo!!" ;
add 192.168.254.29 192.168.254.28 esp 0x10001 -E des-cbc "password" -A hmac-md5 "passwordpasswo!!" ;
spdadd 192.168.254.28/32[any] 192.168.254.29/32[any] any -P out ipsec esp/tunnel/192.168.254.28-192.168.254.29/require ;
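The 'replay packet' messages above come from the ESP anti-replay check: the receiver keeps, per SA, the highest sequence number seen plus a bitmap window of recently seen numbers, and drops anything that is already marked or that falls below the window. The following Python simulation is an added example, not code from the message or from the FreeBSD/KAME IPsec stack; it models the sliding window in the style of RFC 2401 Appendix C with a constructed 64-packet window and an assumed scenario that mirrors the report: A sends some packets, A reboots and its manually keyed SA (same SPI, sequence counter restarted at zero) is recreated, and finally B recreates its SA, which is what re-running a setkey script containing `flush` and `add` does. With manual keying and a fixed SPI there is no protocol message that lets the peers resynchronize the counter, so the receiver's window state only resets when the SA itself is replaced.

```python
"""Simulation of the ESP anti-replay sliding window (added example).

Window semantics follow the RFC 2401 Appendix C sketch: bit 0 of the
bitmap represents the highest sequence number received so far (last_seq),
bit n represents last_seq - n.  This is a teaching model, not the kernel
implementation from the message above.
"""

WINDOW_SIZE = 64  # constructed window size; real stacks commonly use 32 or 64


class ReplayWindow:
    """Receiver-side anti-replay state for one inbound SA."""

    def __init__(self, size=WINDOW_SIZE):
        self.size = size
        self.last_seq = 0   # highest sequence number accepted so far
        self.bitmap = 0     # bit n set => (last_seq - n) already seen

    def check_and_update(self, seq):
        """Classify an incoming sequence number and record it if fresh.

        Returns one of "accepted", "replayed", "too-old" or "invalid".
        """
        if seq == 0:
            return "invalid"          # ESP sequence numbers start at 1
        if seq > self.last_seq:
            # New high-water mark: slide the window forward.
            diff = seq - self.last_seq
            if diff < self.size:
                mask = (1 << self.size) - 1
                self.bitmap = ((self.bitmap << diff) | 1) & mask
            else:
                self.bitmap = 1       # jumped past the whole window
            self.last_seq = seq
            return "accepted"
        diff = self.last_seq - seq
        if diff >= self.size:
            return "too-old"          # below the window: dropped as replay
        if self.bitmap & (1 << diff):
            return "replayed"         # inside the window but already seen
        self.bitmap |= 1 << diff
        return "accepted"


def simulate(packets_before_reboot=100, packets_after_reboot=5):
    """Replay the scenario from the report and return acceptance counts.

    Phase 1: A sends normally.  Phase 2: A reboots, its SA is recreated with
    the sequence counter at 0 while B keeps its window.  Phase 3: B recreates
    its own SA (flush + add), which discards the old window state.
    """
    receiver = ReplayWindow()
    sender_seq = 0
    results = {"before_reboot": 0, "after_reboot": 0, "after_b_reset": 0}

    for _ in range(packets_before_reboot):
        sender_seq += 1
        if receiver.check_and_update(sender_seq) == "accepted":
            results["before_reboot"] += 1

    # Host A reboots: setkey re-adds the same SPI, counter restarts at zero.
    sender_seq = 0
    for _ in range(packets_after_reboot):
        sender_seq += 1
        if receiver.check_and_update(sender_seq) == "accepted":
            results["after_reboot"] += 1

    # Host B re-runs setkey: the SA is replaced, so the window starts fresh.
    receiver = ReplayWindow()
    for _ in range(packets_after_reboot):
        sender_seq += 1
        if receiver.check_and_update(sender_seq) == "accepted":
            results["after_b_reset"] += 1

    return results


if __name__ == "__main__":
    print(simulate())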