Date:      Sun, 4 Jan 2009 02:23:26 -0800 (PST)
From:      Gabe <nrml@att.net>
To:        "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net>
Cc:        freebsd-net@freebsd.org
Subject:   Re: +ipsec_common_input: no key association found for SA
Message-ID:  <186728.8993.qm@web83802.mail.sp1.yahoo.com>
In-Reply-To: <480896.12029.qm@web83811.mail.sp1.yahoo.com>

> From: Gabe <nrml@att.net>
> Subject: Re: +ipsec_common_input: no key association found for SA
> To: "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net>
> Cc: freebsd-net@freebsd.org
> Date: Tuesday, December 30, 2008, 11:56 PM
> > From: Bjoern A. Zeeb <bzeeb-lists@lists.zabbadoz.net>
> > Subject: Re: +ipsec_common_input: no key association found for SA
> > To: "Gabe" <nrml@att.net>
> > Cc: freebsd-net@freebsd.org
> > Date: Tuesday, December 30, 2008, 6:24 AM
> > On Tue, 30 Dec 2008, Gabe wrote:
> > 
> > >> One more thing; if you are comparing SPIs from the log with setkey,
> > >> you can also run
> > >> tcpdump -s 0 -vv -ln proto 50
> > >> and it will show you something like
> > >>     ... ESP(spi=0x12345678,seq=0x..),
> > >> so you could as well compare what you receive on the wire with what
> > >> you get in the log. This would help to eliminate the case of a
> > >> problematic patch.
> > >
> > > However I still get the ipsec_common message albeit not as often, it
> > > appears to only be when I restart racoon now. I also tried matching the
> > > SPIs but the SPIs given by setkey -Da did not match the ones on the log.
> > 
> > Ok, can you try running the following script and see if the output
> > times match your racoon restarts or the log entries?
> > 
> > You need to set your interface and the tunnel endpoint IPs
> > (as in box/box2).
> > 
> > /bz
> 
> I restarted racoon and cleared out the keys then I ran the
> script which returned:
> 
> on BOX:
> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> listening on em1, link-type EN10MB (Ethernet), capture size 65535 bytes
> 23:51:13.032336 SPI changed uninitialized -> 0x0878469a
> 23:51:13.063318 SPI changed 0x0878469a -> 0x091b7ada
> ^C1154 packets captured
> 1597 packets received by filter
> 0 packets dropped by kernel
> 
> on BOX2:
> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> listening on em1, link-type EN10MB (Ethernet), capture size 65535 bytes
> 23:53:43.594785 SPI changed uninitialized -> 0x01d66237
> ^C2404 packets captured
> 9701 packets received by filter
> 0 packets dropped by kernel
> 
> box and box2 are the local and end point respectively.
> 
> /gabe

I'm still unable to find the cause for this. Does anyone know what the above output is referring to?

Thanks,

/gabe
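
Added example, not part of the original thread and not the script Bjoern posted: one way to do the comparison suggested above, listing every ESP SPI seen on the wire that has no entry in the SAD. It assumes `setkey -D` prints SPIs as `spi=<decimal>(0x<hex>)` and that the capture is saved text output of `tcpdump -s 0 -vv -ln proto 50`; the function name `orphan_spis`, the file names and the sample data are constructed for illustration.

```shell
#!/bin/sh
# orphan_spis SAD_DUMP CAPTURE
#   SAD_DUMP: saved output of `setkey -D`
#   CAPTURE:  saved text output of `tcpdump -s 0 -vv -ln proto 50`
# Prints "<spi> <first-seen timestamp> <packet count>" for every ESP SPI
# on the wire that has no matching entry in the SAD dump.
orphan_spis() {
    awk '
    FILENAME == ARGV[1] {          # SAD dump; still correct if it is empty
        if (match($0, /spi=[0-9]+\(0x[0-9a-fA-F]+\)/)) {
            s = substr($0, RSTART, RLENGTH)
            sub(/^.*\(/, "", s); sub(/\)$/, "", s)
            sad[tolower(s)] = 1
        }
        next
    }
    match($0, /ESP\(spi=0x[0-9a-fA-F]+/) {      # capture line
        s = tolower(substr($0, RSTART + 8, RLENGTH - 8))
        if (!(s in sad)) {
            if (!(s in n)) { first[s] = $1; order[++k] = s }
            n[s]++
        }
    }
    END { for (i = 1; i <= k; i++) print order[i], first[order[i]], n[order[i]] }
    ' "$1" "$2"
}

# Constructed sample data: documentation-range addresses; the SPI values
# are borrowed from the output quoted in the thread.
demo() {
    d=$(mktemp -d) || return 1
    cat > "$d/sad.txt" <<'EOF'
192.0.2.1 192.0.2.2
    esp mode=tunnel spi=152795866(0x091b7ada) reqid=0(0x00000000)
    seq=0x00000000 replay=4 flags=0x00000000 state=mature
EOF
    cat > "$d/wire.txt" <<'EOF'
23:51:13.032336 IP 192.0.2.2 > 192.0.2.1: ESP(spi=0x0878469a,seq=0x2a), length 116
23:51:13.063318 IP 192.0.2.1 > 192.0.2.2: ESP(spi=0x091b7ada,seq=0x1), length 116
23:51:13.070001 IP 192.0.2.2 > 192.0.2.1: ESP(spi=0x0878469a,seq=0x2b), length 116
EOF
    orphan_spis "$d/sad.txt" "$d/wire.txt"
    rm -rf "$d"
}
demo
```

Each output line is an SPI the peer is still sending on but for which the local SAD holds no SA, with the time it was first seen and the number of packets counted.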


