From owner-freebsd-bugs@freebsd.org Wed Aug 26 08:37:57 2015 Return-Path: Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 8540F99A85A for ; Wed, 26 Aug 2015 08:37:57 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2001:1900:2254:206a::16:76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 72640A03 for ; Wed, 26 Aug 2015 08:37:57 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from bugs.freebsd.org ([127.0.1.118]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id t7Q8bvLN035269 for ; Wed, 26 Aug 2015 08:37:57 GMT (envelope-from bugzilla-noreply@freebsd.org) From: bugzilla-noreply@freebsd.org To: freebsd-bugs@FreeBSD.org Subject: [Bug 202667] ipsec broken on i386 Date: Wed, 26 Aug 2015 08:37:57 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: new X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 10.2-STABLE X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Only Me X-Bugzilla-Who: emz@norma.perm.ru X-Bugzilla-Status: New X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org X-Bugzilla-Target-Milestone: --- X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: bug_id short_desc product version rep_platform op_sys bug_status bug_severity priority component assigned_to reporter Message-ID: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: 7bit X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-bugs@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: Bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 26 Aug 2015 08:37:57 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=202667 Bug ID: 202667 Summary: ipsec broken on i386 Product: Base System Version: 10.2-STABLE Hardware: i386 OS: Any Status: New Severity: Affects Only Me Priority: --- Component: kern Assignee: freebsd-bugs@FreeBSD.org Reporter: emz@norma.perm.ru I'm using NanoBSD for branch office routers, I have like dozens of these. I'm using gre+ipsec to create a corporate VPN. After upgrade to r285595 ipsec stopped working. Symptoms: - SP are installed - SA are installed (ipsec-tools are used) - scheme is as follows: (A, FreeBSD) <=========ipsec/gre========> (B, nanobsd) B sends icmp via tunnel to A. A sees ipsec packets, successfully decrypts them and replies. B sees ipsec packets (correct SPIs and stuff) but sees nothing on the tunnel interface. The most interesting part is that A also runs same release as B, but on amd64. I've upgraded both systems to r286954, to resolve recent netstat issue, and, since it was related to i386 and ipsec somehow, to see if that would help - it didn't. When I disable ipsec (flush the SA and SP's for that particular tunnel on A and B) the tunnel begins to work. -- You are receiving this mail because: You are the assignee for the bug.