Date:      Wed, 26 Aug 2015 08:37:57 +0000
From:      bugzilla-noreply@freebsd.org
To:        freebsd-bugs@FreeBSD.org
Subject:   [Bug 202667] ipsec broken on i386
Message-ID:  <bug-202667-8@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=202667

            Bug ID: 202667
           Summary: ipsec broken on i386
           Product: Base System
           Version: 10.2-STABLE
          Hardware: i386
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: kern
          Assignee: freebsd-bugs@FreeBSD.org
          Reporter: emz@norma.perm.ru

I'm using NanoBSD for branch office routers; I have like dozens of these. I'm
using gre+ipsec to create a corporate VPN. After the upgrade to r285595, ipsec
stopped working. Symptoms:

- SP are installed
- SA are installed (ipsec-tools are used)
- scheme is as follows:

(A, FreeBSD) <=========ipsec/gre========> (B, nanobsd)

B sends icmp via tunnel to A. A sees ipsec packets, successfully decrypts them
and replies. B sees ipsec packets (correct SPIs and stuff) but sees nothing on
the tunnel interface.

The most interesting part is that A also runs the same release as B, but on amd64.
I've upgraded both systems to r286954, to resolve a recent netstat issue, and,
since it was related to i386 and ipsec somehow, to see if that would help - it
didn't.

When I disable ipsec (flush the SAs and SPs for that particular tunnel on A and
B) the tunnel begins to work.

-- 
You are receiving this mail because:
You are the assignee for the bug.


