From: "Simon L. Nielsen"
To: Michael Lestinsky
Cc: freebsd-current@freebsd.org
Date: Thu, 29 Jul 2004 11:09:29 +0200
Subject: Re: ipsec/racoon broken
Message-ID: <20040729090928.GC92949@eddie.nitro.dk>
In-Reply-To: <20040728224000.GA6887@zaphod.lestinsky.de>

On 2004.07.29 00:40:00 +0200, Michael Lestinsky wrote:
> for some time now my IPsec connection over my wireless network doesn't
> seem to work. I've enabled debugging in racoon (it's used on both ends
> of the connection) and get this in the log:
>
> 2004-07-29 00:37:56: DEBUG: oakley.c:436:oakley_compute_keymat(): KEYMAT computed.
> 2004-07-29 00:37:56: DEBUG: isakmp_quick.c:649:quick_i2send(): call pk_sendupdate
> 2004-07-29 00:37:56: DEBUG: algorithm.c:513:alg_ipsec_encdef(): encription(3des)
> 2004-07-29 00:37:56: DEBUG: algorithm.c:556:alg_ipsec_hmacdef(): hmac(hmac_sha1)
> 2004-07-29 00:37:56: DEBUG: pfkey.c:1061:pk_sendupdate(): call pfkey_send_update
> 2004-07-29 00:37:56: ERROR: pfkey.c:1076:pk_sendupdate(): libipsec failed send update (No buffer space available)

The line above is the problem...

> 2004-07-29 00:37:56: ERROR: isakmp_quick.c:651:quick_i2send(): pfkey update failed.
> 2004-07-29 00:37:56: ERROR: isakmp.c:750:quick_main(): failed to process packet.
> 2004-07-29 00:37:56: ERROR: isakmp.c:541:isakmp_main(): phase2 negotiation failed.
>
> Can someone help me here?

The problem is related to the mbuma change.. A workaround I got from
Christian Brueffer is to add

options MSIZE=512 # mbuf size in bytes

to your kernel configuration file.

Bosko Milekic (mbuma author) is aware of the problem, but I don't think
he has found the problem (or if it's even a mbuma bug and not a racoon
bug that was just exposed by mbuma).

-- 
Simon L. Nielsen
FreeBSD Documentation Team
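
Added example, not part of the original message or of racoon: a small Python parser for the log format quoted above that groups consecutive ERROR lines and reports the first of each run as the root cause, which is how the reply singles out the pfkey.c line. The function names are hypothetical; the sample lines are taken from the quoted log.

```python
import re

# Line format seen in the quoted racoon debug log:
#   DATE TIME: LEVEL: file.c:line:function(): message
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}): (?P<level>[A-Z]+): "
    r"(?P<file>[\w.]+):(?P<line>\d+):(?P<func>\w+)\(\): (?P<msg>.*)$")

# Log lines taken from the message above, still carrying the "> " quote marks.
SAMPLE_LOG = """\
> 2004-07-29 00:37:56: DEBUG: pfkey.c:1061:pk_sendupdate(): call pfkey_send_update
> 2004-07-29 00:37:56: ERROR: pfkey.c:1076:pk_sendupdate(): libipsec failed send update (No buffer space available)
> 2004-07-29 00:37:56: ERROR: isakmp_quick.c:651:quick_i2send(): pfkey update failed.
> 2004-07-29 00:37:56: ERROR: isakmp.c:750:quick_main(): failed to process packet.
> 2004-07-29 00:37:56: ERROR: isakmp.c:541:isakmp_main(): phase2 negotiation failed.
"""

def parse(log_text):
    """Return one dict per well-formed log line, ignoring mail quote prefixes."""
    records = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(re.sub(r"^(>\s?)+", "", raw.strip()))
        if m:
            rec = m.groupdict()
            rec["line"] = int(rec["line"])
            records.append(rec)
    return records

def error_cascades(records):
    """Group runs of consecutive ERROR lines; the first of a run is the root."""
    cascades, current = [], None
    for rec in records:
        if rec["level"] != "ERROR":
            current = None          # a non-error line ends the current run
        elif current is None:
            current = {"root": rec, "followups": []}
            cascades.append(current)
        else:
            current["followups"].append(rec)
    return cascades

def is_pfkey_enobufs(rec):
    """True for a pfkey.c error carrying the ENOBUFS text seen in this thread."""
    return rec["file"] == "pfkey.c" and "No buffer space available" in rec["msg"]

if __name__ == "__main__":
    for c in error_cascades(parse(SAMPLE_LOG)):
        tag = "PF_KEY ENOBUFS" if is_pfkey_enobufs(c["root"]) else "other"
        print(f"root [{tag}]: {c['root']['func']}(): {c['root']['msg']}")
```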