Date:      Mon, 07 Apr 2014 14:34:45 -0700
From:      Matt Lager <matt@soliddataservices.com>
To:        freebsd-questions@freebsd.org
Subject:   IPSEC/racoon tunnel 9.2 vs 10.0
Message-ID:  <534319F5.8030907@soliddataservices.com>

I have used IPSEC tunnels w/ racoon to establish point to point VPN 
connections for a long time, with great success. I recently decided to 
upgrade one of my endpoints to 10.0-RELEASE from 9.2-RELEASE-p3. I 
didn't do an upgrade but did a fresh installation of 10.0-RELEASE, but 
applied the identical VPN configuration that was working in 
9.2-RELEASE-p3. The tunnels came up fine, setkey -D shows that keys 
had been generated, and connectivity appeared to be working at first glance. 
I then started to work as normal through my VPN with things like RDP, 
SQL Server, and other protocols, where I found that connectivity started, 
then came to a dead halt (not ICMP, which always works fine). I did 
another fresh install of 9.2-RELEASE-p3, applied the config, and 
everything worked as expected.

I've read a lot about MTUs and fragmented traffic, but I'm trying to 
figure out where I should be looking to fix things up. Something 
obviously changed. I do use PF, and I know PF underwent some big 
changes, so maybe it's a PF problem, but I thought I'd post here first. 
I'm using the same PF config on the 10.0 system as I did on the 9.2, of 
course making sure interfaces were all named properly and whatnot.

Any advice would be appreciated. Thanks!

Matt
