From owner-freebsd-current@FreeBSD.ORG Thu Jul 29 01:01:11 2004 Return-Path: Delivered-To: freebsd-current@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 317EF16A4CE for ; Thu, 29 Jul 2004 01:01:11 +0000 (GMT) Received: from fledge.watson.org (fledge.watson.org [204.156.12.50]) by mx1.FreeBSD.org (Postfix) with ESMTP id B695F43D53 for ; Thu, 29 Jul 2004 01:01:10 +0000 (GMT) (envelope-from robert@fledge.watson.org) Received: from fledge.watson.org (localhost [127.0.0.1]) by fledge.watson.org (8.12.11/8.12.11) with ESMTP id i6T10DAf033119; Wed, 28 Jul 2004 21:00:13 -0400 (EDT) (envelope-from robert@fledge.watson.org) Received: from localhost (robert@localhost)i6T10D7p033116; Wed, 28 Jul 2004 21:00:13 -0400 (EDT) (envelope-from robert@fledge.watson.org) Date: Wed, 28 Jul 2004 21:00:13 -0400 (EDT) From: Robert Watson X-Sender: robert@fledge.watson.org To: Michael Lestinsky In-Reply-To: <20040728224000.GA6887@zaphod.lestinsky.de> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII cc: freebsd-current@freebsd.org Subject: Re: ipsec/racoon broken X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 29 Jul 2004 01:01:11 -0000 On Thu, 29 Jul 2004, Michael Lestinsky wrote: > for some time now my IPsec connection over my wireless network doesn't > seem to work. I've enabled debugging in racoon (it's used on both ends > of the connection) and get this in the log: Could you try editing src/sys/net/raw_cb.h and editing RAWSNDQ and RAWRCVQ to set both values to 32768? This probably won't fix it, but it might be an easy way to see if we're looking at the size of a pfkey packet exceeding the available socket buffer space. Question: are you using KAME IPSEC or FAST_IPSEC? Another thing to try: could you use ktrace to identify the system call and arguments generating the ENOBUFS return value? Robert N M Watson FreeBSD Core Team, TrustedBSD Projects robert@fledge.watson.org Principal Research Scientist, McAfee Research > > 2004-07-29 00:37:56: DEBUG: oakley.c:436:oakley_compute_keymat(): KEYMAT computed. > 2004-07-29 00:37:56: DEBUG: isakmp_quick.c:649:quick_i2send(): call pk_sendupdate > 2004-07-29 00:37:56: DEBUG: algorithm.c:513:alg_ipsec_encdef(): encription(3des) > 2004-07-29 00:37:56: DEBUG: algorithm.c:556:alg_ipsec_hmacdef(): hmac(hmac_sha1) > 2004-07-29 00:37:56: DEBUG: pfkey.c:1061:pk_sendupdate(): call pfkey_send_update > 2004-07-29 00:37:56: ERROR: pfkey.c:1076:pk_sendupdate(): libipsec failed send update (No buffer space available) > 2004-07-29 00:37:56: ERROR: isakmp_quick.c:651:quick_i2send(): pfkey update failed. > 2004-07-29 00:37:56: ERROR: isakmp.c:750:quick_main(): failed to process packet. > 2004-07-29 00:37:56: ERROR: isakmp.c:541:isakmp_main(): phase2 negotiation failed. > > Can someone help me here? > > Thanks, > Michael > > -- > "Einige Hersteller verstehen sich gut auf Vermarktung und Vaporware - > andere Firmen liefern." > -- CNet > _______________________________________________ > freebsd-current@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-current > To unsubscribe, send any mail to "freebsd-current-unsubscribe@freebsd.org" >