Date: Wed, 26 Aug 2015 08:37:57 +0000 From: bugzilla-noreply@freebsd.org To: freebsd-bugs@FreeBSD.org Subject: [Bug 202667] ipsec broken on i386 Message-ID: <bug-202667-8@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=202667 Bug ID: 202667 Summary: ipsec broken on i386 Product: Base System Version: 10.2-STABLE Hardware: i386 OS: Any Status: New Severity: Affects Only Me Priority: --- Component: kern Assignee: freebsd-bugs@FreeBSD.org Reporter: emz@norma.perm.ru I'm using NanoBSD for branch office routers, I have like dozens of these. I'm using gre+ipsec to create a corporate VPN. After upgrade to r285595 ipsec stopped working. Symptoms: - SP are installed - SA are installed (ipsec-tools are used) - scheme is as follows: (A, FreeBSD) <=========ipsec/gre========> (B, nanobsd) B sends icmp via tunnel to A. A sees ipsec packets, successfully decrypts them and replies. B sees ipsec packets (correct SPIs and stuff) but sees nothing on the tunnel interface. The most interesting part is that A also runs same release as B, but on amd64. I've upgraded both systems to r286954, to resolve recent netstat issue, and, since it was related to i386 and ipsec somehow, to see if that would help - it didn't. When I disable ipsec (flush the SA and SP's for that particular tunnel on A and B) the tunnel begins to work. -- You are receiving this mail because: You are the assignee for the bug.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-202667-8>