From owner-freebsd-current@FreeBSD.ORG Thu Jun 10 14:34:25 2004 Return-Path: Delivered-To: freebsd-current@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D825116A4CE for ; Thu, 10 Jun 2004 14:34:25 +0000 (GMT) Received: from mail.daemonground.de (daemonground.de [217.160.129.149]) by mx1.FreeBSD.org (Postfix) with ESMTP id 5D95F43D31 for ; Thu, 10 Jun 2004 14:34:23 +0000 (GMT) (envelope-from sascha@daemonground.de) Received: from localhost (localhost.localdomain [127.0.0.1]) by mail.daemonground.de (Postfix) with ESMTP id E19028A000 for ; Thu, 10 Jun 2004 16:34:21 +0200 (CEST) Received: from mail.daemonground.de ([127.0.0.1]) by localhost (daemonground.de [127.0.0.1]) (amavisd-new, port 10024) with LMTP id 95038-05 for ; Thu, 10 Jun 2004 16:34:18 +0200 (CEST) Received: from [192.168.2.18] (p548086E1.dip.t-dialin.net [84.128.134.225]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.daemonground.de (Postfix) with ESMTP id 42E5489FFF for ; Thu, 10 Jun 2004 16:34:18 +0200 (CEST) From: Sascha Holzleiter To: current@freebsd.org In-Reply-To: <20040606025301.GB41345@mehnert.org> References: <20040606025301.GB41345@mehnert.org> Content-Type: text/plain Message-Id: <1086878054.698.10.camel@dreamland.chief.home> Mime-Version: 1.0 X-Mailer: Ximian Evolution 1.4.6 Date: Thu, 10 Jun 2004 16:34:14 +0200 Content-Transfer-Encoding: 7bit X-Virus-Scanned: by amavisd-new at daemonground.de X-Mailman-Approved-At: Fri, 11 Jun 2004 12:02:11 +0000 Subject: Re: IPSec broken in -current X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 10 Jun 2004 14:34:26 -0000 On Sun, 2004-06-06 at 04:53, Hannes Mehnert wrote: > I have a FreeBSD-CURRENT from Fri Jun 4 17:24:01 CEST 2004 where IPSec > is broken: > > I tried IPSEC & IPSEC_ESP (kame stack) as well as FAST_IPSEC and always > get the following error during phase2 (output from racoon): > DEBUG: oakley.c:436:oakley_compute_keymat(): KEYMAT computed. > DEBUG: isakmp_quick.c:649:quick_i2send(): call pk_sendupdate > DEBUG: algorithm.c:513:alg_ipsec_encdef(): encription(rijndael) > DEBUG: algorithm.c:556:alg_ipsec_hmacdef(): hmac(hmac_sha1) > DEBUG: pfkey.c:1061:pk_sendupdate(): call pfkey_send_update > ERROR: pfkey.c:1076:pk_sendupdate(): libipsec failed send update > (No buffer space available) > ERROR: isakmp_quick.c:651:quick_i2send(): pfkey update failed. > ERROR: isakmp.c:750:quick_main(): failed to process packet. > > anyone has seen this? > I see the same problem with a yesterday -CURRENT build: 2004-06-10 16:20:04: ERROR: pfkey.c:1076:pk_sendupdate(): libipsec failed send update (No buffer space available) 2004-06-10 16:20:04: ERROR: isakmp_quick.c:651:quick_i2send(): pfkey update failed. 2004-06-10 16:20:04: ERROR: isakmp.c:750:quick_main(): failed to process packet. 2004-06-10 16:20:04: ERROR: isakmp.c:541:isakmp_main(): phase2 negotiation failed. -- Sascha