From owner-freebsd-net@freebsd.org  Thu Aug  9 20:43:26 2018
Return-Path: <owner-freebsd-net@freebsd.org>
Delivered-To: freebsd-net@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 9BD8F10732D5
 for <freebsd-net@mailman.ysv.freebsd.org>;
 Thu,  9 Aug 2018 20:43:26 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from mailman.ysv.freebsd.org (mailman.ysv.freebsd.org
 [IPv6:2001:1900:2254:206a::50:5])
 by mx1.freebsd.org (Postfix) with ESMTP id 36C8A86F3E
 for <freebsd-net@freebsd.org>; Thu,  9 Aug 2018 20:43:26 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: by mailman.ysv.freebsd.org (Postfix)
 id EF89C10732D0; Thu,  9 Aug 2018 20:43:25 +0000 (UTC)
Delivered-To: net@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id DE62410732CE
 for <net@mailman.ysv.freebsd.org>; Thu,  9 Aug 2018 20:43:25 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from mxrelay.ysv.freebsd.org (mxrelay.ysv.freebsd.org
 [IPv6:2001:1900:2254:206a::19:3])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "mxrelay.ysv.freebsd.org",
 Issuer "Let's Encrypt Authority X3" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 7FCB786F36
 for <net@FreeBSD.org>; Thu,  9 Aug 2018 20:43:25 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mxrelay.ysv.freebsd.org (Postfix) with ESMTPS id CD87A1CC18
 for <net@FreeBSD.org>; Thu,  9 Aug 2018 20:43:24 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id w79KhO4k088017
 for <net@FreeBSD.org>; Thu, 9 Aug 2018 20:43:24 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
Received: (from www@localhost)
 by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id w79KhOKK088016
 for net@FreeBSD.org; Thu, 9 Aug 2018 20:43:24 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
X-Authentication-Warning: kenobi.freebsd.org: www set sender to
 bugzilla-noreply@freebsd.org using -f
From: bugzilla-noreply@freebsd.org
To: net@FreeBSD.org
Subject: [Bug 228108] if_ipsec drops all the icmp v4&v6 error messages
Date: Thu, 09 Aug 2018 20:43:24 +0000
X-Bugzilla-Reason: CC
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 11.1-RELEASE
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: ae@FreeBSD.org
X-Bugzilla-Status: Closed
X-Bugzilla-Resolution: FIXED
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: ae@FreeBSD.org
X-Bugzilla-Flags: mfc-stable11+
X-Bugzilla-Changed-Fields: 
Message-ID: <bug-228108-7501-wf6anxgCMH@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-228108-7501@https.bugs.freebsd.org/bugzilla/>
References: <bug-228108-7501@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-net>,
 <mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net/>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-net>,
 <mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 09 Aug 2018 20:43:26 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D228108

--- Comment #14 from Andrey V. Elsukov <ae@FreeBSD.org> ---
(In reply to dpd from comment #13)
> I showed over here :
> https://lists.freebsd.org/pipermail/freebsd-net/2018-August/051301.html
>=20
> That it seems to work with this line removed.
>=20
> Attached is the shell transcript of my current observation.  The Tunnel
> seems up, but no traffic is getting passed.

You need to look at the output of `setkey -D`, `setkey -DP`, `netstat -sp e=
sp`,
`tcpdump -ni` on the network interface and check what actually is going on.
Provided information is not enough for debugging. As I said this looks more
like a problem with racoon, duplicate SAs, SPs or something like this. For
example, in log you have two SAs with different SPI for the same direction.
Before starting racoon, make sure that you have cleaned up from previous ru=
n on
both sides.

--=20
You are receiving this mail because:
You are on the CC list for the bug.=