From owner-freebsd-current@freebsd.org Fri Jul 24 21:38:40 2015 Return-Path: Delivered-To: freebsd-current@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id EAB269AA5FE for ; Fri, 24 Jul 2015 21:38:40 +0000 (UTC) (envelope-from jmg@gold.funkthat.com) Received: from gold.funkthat.com (gate2.funkthat.com [208.87.223.18]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client CN "gold.funkthat.com", Issuer "gold.funkthat.com" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id B4D091A23 for ; Fri, 24 Jul 2015 21:38:40 +0000 (UTC) (envelope-from jmg@gold.funkthat.com) Received: from gold.funkthat.com (localhost [127.0.0.1]) by gold.funkthat.com (8.14.5/8.14.5) with ESMTP id t6OLcdbg095817 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Fri, 24 Jul 2015 14:38:39 -0700 (PDT) (envelope-from jmg@gold.funkthat.com) Received: (from jmg@localhost) by gold.funkthat.com (8.14.5/8.14.5/Submit) id t6OLcdD3095816; Fri, 24 Jul 2015 14:38:39 -0700 (PDT) (envelope-from jmg) Date: Fri, 24 Jul 2015 14:38:39 -0700 From: John-Mark Gurney To: Alexandr Krivulya Cc: FreeBSD CURRENT Subject: Re: IPSEC stop works after r285336 Message-ID: <20150724213839.GP78154@funkthat.com> References: <55B099F6.8000004@shurik.kiev.ua> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <55B099F6.8000004@shurik.kiev.ua> X-Operating-System: FreeBSD 9.1-PRERELEASE amd64 X-PGP-Fingerprint: 54BA 873B 6515 3F10 9E88 9322 9CB1 8F74 6D3F A396 X-Files: The truth is out there X-URL: http://resnet.uoregon.edu/~gurney_j/ X-Resume: http://resnet.uoregon.edu/~gurney_j/resume.html X-TipJar: bitcoin:13Qmb6AeTgQecazTWph4XasEsP7nGRbAPE X-to-the-FBI-CIA-and-NSA: HI! HOW YA DOIN? can i haz chizburger? User-Agent: Mutt/1.5.21 (2010-09-15) X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.2.7 (gold.funkthat.com [127.0.0.1]); Fri, 24 Jul 2015 14:38:39 -0700 (PDT) X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 24 Jul 2015 21:38:41 -0000 Alexandr Krivulya wrote this message on Thu, Jul 23, 2015 at 10:38 +0300: > I have IPSEC tunnel inside l2tp tunnel via mpd. After r285536 I see only > outgoing esp packets on ng interface: This change is -stable, not -current, but the change referenced below is -current... Which one are you running? Also, the only ipsec related change after r285535 is r285770, though that probably won't effect it... Could you possibly narrow the change that broke things? > root@thinkpad:/usr/src # tcpdump -i ng0 > tcpdump: verbose output suppressed, use -v or -vv for full protocol decode > listening on ng0, link-type NULL (BSD loopback), capture size 262144 bytes > 10:35:27.331886 IP 10.10.10.2 > 10.10.10.1: > ESP(spi=0x03081e58,seq=0x9a5), length 140 > 10:35:28.371707 IP 10.10.10.2 > 10.10.10.1: > ESP(spi=0x03081e58,seq=0x9a6), length 140 > 10:35:29.443536 IP 10.10.10.2 > 10.10.10.1: > ESP(spi=0x03081e58,seq=0x9a7), length 140 > 10:35:30.457370 IP 10.10.10.2 > 10.10.10.1: > ESP(spi=0x03081e58,seq=0x9a8), length 140 > 10:35:31.475606 IP 10.10.10.2 > 10.10.10.1: > ESP(spi=0x03081e58,seq=0x9a9), length 140 > 10:35:31.622315 IP 10.10.10.1.isakmp > 10.10.10.2.isakmp: isakmp: phase > 2/others ? inf[E] > 10:35:31.622544 IP 10.10.10.2.isakmp > 10.10.10.1.isakmp: isakmp: phase > 2/others ? inf[E] > 10:35:31.622658 IP 10.10.10.2.isakmp > 10.10.10.1.isakmp: isakmp: phase > 2/others ? inf[E] > 10:35:31.623933 IP 10.10.10.1.isakmp > 10.10.10.2.isakmp: isakmp: phase > 2/others ? inf[E] > 10:35:32.492349 IP 10.10.10.2 > 10.10.10.1: > ESP(spi=0x03081e58,seq=0x9aa), length 140 > 10:35:33.509346 IP 10.10.10.2 > 10.10.10.1: > ESP(spi=0x03081e58,seq=0x9ab), length 140 > 10:35:34.527187 IP 10.10.10.2 > 10.10.10.1: > ESP(spi=0x03081e58,seq=0x9ac), length 140 > 10:35:35.539600 IP 10.10.10.2 > 10.10.10.1: > ESP(spi=0x03081e58,seq=0x9ad), length 140 > > With r285535 all works fine. -- John-Mark Gurney Voice: +1 415 225 5579 "All that I will do, has been done, All that I have, has not."