Date: Wed, 28 Jul 2004 21:00:13 -0400 (EDT) From: Robert Watson <rwatson@freebsd.org> To: Michael Lestinsky <michael@lestinsky.de> Cc: freebsd-current@freebsd.org Subject: Re: ipsec/racoon broken Message-ID: <Pine.NEB.3.96L.1040728205816.31673A-100000@fledge.watson.org> In-Reply-To: <20040728224000.GA6887@zaphod.lestinsky.de>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, 29 Jul 2004, Michael Lestinsky wrote: > for some time now my IPsec connection over my wireless network doesn't > seem to work. I've enabled debugging in racoon (it's used on both ends > of the connection) and get this in the log: Could you try editing src/sys/net/raw_cb.h and editing RAWSNDQ and RAWRCVQ to set both values to 32768? This probably won't fix it, but it might be an easy way to see if we're looking at the size of a pfkey packet exceeding the available socket buffer space. Question: are you using KAME IPSEC or FAST_IPSEC? Another thing to try: could you use ktrace to identify the system call and arguments generating the ENOBUFS return value? Robert N M Watson FreeBSD Core Team, TrustedBSD Projects robert@fledge.watson.org Principal Research Scientist, McAfee Research > > 2004-07-29 00:37:56: DEBUG: oakley.c:436:oakley_compute_keymat(): KEYMAT computed. > 2004-07-29 00:37:56: DEBUG: isakmp_quick.c:649:quick_i2send(): call pk_sendupdate > 2004-07-29 00:37:56: DEBUG: algorithm.c:513:alg_ipsec_encdef(): encription(3des) > 2004-07-29 00:37:56: DEBUG: algorithm.c:556:alg_ipsec_hmacdef(): hmac(hmac_sha1) > 2004-07-29 00:37:56: DEBUG: pfkey.c:1061:pk_sendupdate(): call pfkey_send_update > 2004-07-29 00:37:56: ERROR: pfkey.c:1076:pk_sendupdate(): libipsec failed send update (No buffer space available) > 2004-07-29 00:37:56: ERROR: isakmp_quick.c:651:quick_i2send(): pfkey update failed. > 2004-07-29 00:37:56: ERROR: isakmp.c:750:quick_main(): failed to process packet. > 2004-07-29 00:37:56: ERROR: isakmp.c:541:isakmp_main(): phase2 negotiation failed. > > Can someone help me here? > > Thanks, > Michael > > -- > "Einige Hersteller verstehen sich gut auf Vermarktung und Vaporware - > andere Firmen liefern." > -- CNet > _______________________________________________ > freebsd-current@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-current > To unsubscribe, send any mail to "freebsd-current-unsubscribe@freebsd.org" >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.NEB.3.96L.1040728205816.31673A-100000>