From owner-freebsd-net@FreeBSD.ORG Wed Aug 1 22:55:38 2007 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 3D72316A417 for ; Wed, 1 Aug 2007 22:55:38 +0000 (UTC) (envelope-from fox@verio.net) Received: from dfw-smtpout2.email.verio.net (dfw-smtpout2.email.verio.net [129.250.36.42]) by mx1.freebsd.org (Postfix) with ESMTP id 0DF8313C4D0 for ; Wed, 1 Aug 2007 22:55:37 +0000 (UTC) (envelope-from fox@verio.net) Received: from [129.250.36.64] (helo=dfw-mmp4.email.verio.net) by dfw-smtpout2.email.verio.net with esmtp id 1IGN6P-0002Ye-9I for freebsd-net@freebsd.org; Wed, 01 Aug 2007 22:55:37 +0000 Received: from [129.250.40.241] (helo=limbo.int.dllstx01.us.it.verio.net) by dfw-mmp4.email.verio.net with esmtp id 1IGN6P-0001dl-5s for freebsd-net@freebsd.org; Wed, 01 Aug 2007 22:55:37 +0000 Received: by limbo.int.dllstx01.us.it.verio.net (Postfix, from userid 1000) id 935D18E296; Wed, 1 Aug 2007 17:55:36 -0500 (CDT) Date: Wed, 1 Aug 2007 17:55:36 -0500 From: David DeSimone To: freebsd-net@freebsd.org Message-ID: <20070801225536.GB19913@verio.net> Mail-Followup-To: freebsd-net@freebsd.org References: <7feb82f40707301752j2ccb235eof197fed852188bd5@mail.gmail.com> <20070731105332.GA1285@jayce.zen.inc> <7feb82f40707311129n66c149c0k6f106acd6e7b8d5@mail.gmail.com> <7feb82f40708010504y75ab3cc9i4a31b41a765c0af4@mail.gmail.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii; x-action=pgp-signed Content-Disposition: inline In-Reply-To: <7feb82f40708010504y75ab3cc9i4a31b41a765c0af4@mail.gmail.com> Precedence: bulk User-Agent: Mutt/1.5.9i Subject: Re: IPSEC connection drops and doesn't recover X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 01 Aug 2007 22:55:38 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Isaac Kohen wrote: > > I get these in dmesg-- does it mean anything? > > IPv4 ESP input: no key association found for spi 94246771 > IPv4 ESP input: no key association found for spi 94246771 > IPv4 ESP input: no key association found for spi 94246771 > IPv4 ESP input: no key association found for spi 94246771 This means that your remote peer still believes that there is an outstanding SA defined, and it is sending you encrypted packets that your system does not understand. As another poster reported, you may have some IKE session lifetime discrepancies that you need to work out. - -- David DeSimone == Network Admin == fox@verio.net "It took me fifteen years to discover that I had no talent for writing, but I couldn't give it up because by that time I was too famous. -- Robert Benchley -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (GNU/Linux) iD8DBQFGsQ9oFSrKRjX5eCoRAqQfAJ4smgTABPRS78VuYqijWYK66msQ0ACfdqss GUoaysrFP0ymHGz1UyvXiX4= =u/uk -----END PGP SIGNATURE-----