From owner-freebsd-stable@freebsd.org Thu May 9 11:41:51 2019 Return-Path: Delivered-To: freebsd-stable@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 52ED115A6739 for ; Thu, 9 May 2019 11:41:51 +0000 (UTC) (envelope-from pblok@bsd4all.org) Received: from mailman.ysv.freebsd.org (mailman.ysv.freebsd.org [IPv6:2001:1900:2254:206a::50:5]) by mx1.freebsd.org (Postfix) with ESMTP id B4AFF8AF44 for ; Thu, 9 May 2019 11:41:50 +0000 (UTC) (envelope-from pblok@bsd4all.org) Received: by mailman.ysv.freebsd.org (Postfix) id 7577015A6716; Thu, 9 May 2019 11:41:50 +0000 (UTC) Delivered-To: stable@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 530D515A6711 for ; Thu, 9 May 2019 11:41:50 +0000 (UTC) (envelope-from pblok@bsd4all.org) Received: from smtpq1.mnd.mail.iss.as9143.net (smtpq1.mnd.mail.iss.as9143.net [212.54.34.164]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 34F998AF3B for ; Thu, 9 May 2019 11:41:48 +0000 (UTC) (envelope-from pblok@bsd4all.org) Received: from [212.54.34.118] (helo=smtp10.mnd.mail.iss.as9143.net) by smtpq1.mnd.mail.iss.as9143.net with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1hOhQg-0003p8-Kl; Thu, 09 May 2019 13:41:38 +0200 Received: from 94-209-122-217.cable.dynamic.v4.ziggo.nl ([94.209.122.217] helo=wan0.bsd4all.org) by smtp10.mnd.mail.iss.as9143.net with esmtp (Exim 4.86_2) (envelope-from ) id 1hOhQg-0002ep-Gr; Thu, 09 May 2019 13:41:38 +0200 Received: from newnas (localhost [127.0.0.1]) by wan0.bsd4all.org (Postfix) with ESMTP id DAC29121; Thu, 9 May 2019 13:41:37 +0200 (CEST) X-Virus-Scanned: amavisd-new at bsd4all.org Received: from wan0.bsd4all.org ([127.0.0.1]) by newnas (newnas.bsd4all.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id eAtRhM8WLcxL; Thu, 9 May 2019 13:41:36 +0200 (CEST) Received: from [192.168.1.65] (unknown [192.168.1.65]) by wan0.bsd4all.org (Postfix) with ESMTPSA id 90FB2116; Thu, 9 May 2019 13:41:36 +0200 (CEST) From: Peter Blok Message-Id: Content-Type: multipart/signed; boundary="Apple-Mail=_D033D56B-B392-432D-A5E6-74AF80C900FE"; protocol="application/pkcs7-signature"; micalg=sha-256 Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.8\)) Subject: Re: route based ipsec Date: Thu, 9 May 2019 13:41:36 +0200 In-Reply-To: <83f4e225-b767-72ee-43df-52163271ce8e@grosbein.net> Cc: KOT MATPOCKuH , "Andrey V. Elsukov" , stable@freebsd.org To: Eugene Grosbein References: <83f4e225-b767-72ee-43df-52163271ce8e@grosbein.net> X-Mailer: Apple Mail (2.3445.104.8) X-SourceIP: 94.209.122.217 X-Ziggo-spambar: / X-Ziggo-spamscore: 0.0 X-Ziggo-spamreport: CMAE Analysis: v=2.3 cv=AMnWcezf c=1 sm=1 tr=0 a=0XONDDbZk2SpjknwKA3Xxg==:17 a=jpOVt7BSZ2e4Z31A5e1TngXxSK0=:19 a=E5NmQfObTbMA:10 a=H0GPC0OhAAAA:8 a=6I5d2MoRAAAA:8 a=nap-lZuEgHDgqEnL998A:9 a=QEXdDO2ut3YA:10 a=OPcFMwLL4aR0DNf0FsYA:9 a=ZVk8-NSrHBgA:10 a=KczGKrPSgCPlefTG41c3:22 a=IjZwj45LgO3ly-622nXo:22 X-Ziggo-Spam-Status: No X-Spam-Status: No X-Spam-Flag: No X-Rspamd-Queue-Id: 34F998AF3B X-Spamd-Bar: ----- Authentication-Results: mx1.freebsd.org; spf=pass (mx1.freebsd.org: domain of pblok@bsd4all.org designates 212.54.34.164 as permitted sender) smtp.mailfrom=pblok@bsd4all.org X-Spamd-Result: default: False [-5.40 / 15.00]; RCVD_VIA_SMTP_AUTH(0.00)[]; TO_DN_SOME(0.00)[]; R_SPF_ALLOW(-0.20)[+a:smtp.ziggo.nl/16]; MV_CASE(0.50)[]; HAS_ATTACHMENT(0.00)[]; MX_GOOD(-0.01)[smtp.bsd4all.org]; NEURAL_HAM_SHORT(-0.96)[-0.962,0]; RCVD_IN_DNSWL_LOW(-0.10)[164.34.54.212.list.dnswl.org : 127.0.5.1]; MIME_TRACE(0.00)[0:+,1:+]; IP_SCORE(-0.43)[ipnet: 212.54.32.0/20(-2.28), asn: 33915(0.15), country: NL(0.01)]; FROM_EQ_ENVFROM(0.00)[]; ASN(0.00)[asn:33915, ipnet:212.54.32.0/20, country:NL]; MID_RHS_MATCH_FROM(0.00)[]; RECEIVED_SPAMHAUS_PBL(0.00)[217.122.209.94.zen.spamhaus.org : 127.0.0.11]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; RCVD_COUNT_FIVE(0.00)[6]; FROM_HAS_DN(0.00)[]; SIGNED_SMIME(-2.00)[]; RCPT_COUNT_THREE(0.00)[4]; MIME_GOOD(-0.20)[multipart/signed,text/plain]; DMARC_NA(0.00)[bsd4all.org]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; TO_MATCH_ENVRCPT_SOME(0.00)[]; R_DKIM_NA(0.00)[]; FREEMAIL_CC(0.00)[gmail.com]; RCVD_TLS_LAST(0.00)[] X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 09 May 2019 11:41:51 -0000 --Apple-Mail=_D033D56B-B392-432D-A5E6-74AF80C900FE Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=utf-8 I have tried certificates in the past, but racoon never worked stable = enough. Didn=E2=80=99t crash on me though. I have moved over to Strongswan and never regretted this move. Very = stable. Peter > On 8 May 2019, at 03:29, Eugene Grosbein wrote: >=20 > 08.05.2019 3:23, KOT MATPOCKuH wrote: >=20 >> I'm misunderstand what in my configuration can result core dumps a = running >> daemon... >> I'm attached a sample racoon.conf. Can You check for possible = problems? >> Also on one host I got a crash in another function: >> (gdb) bt >> #0 0x000000000024717f in privsep_init () >> #1 0x00000000002375f4 in inscontacted () >> #2 0x00000000002337d0 in isakmp_plist_set_all () >> #3 0x000000000023210d in isakmp_ph2expire () >> #4 0x000000000023162a in isakmp_ph1delete () >> #5 0x000000000023110b in isakmp_ph2resend () >> #6 0x00000008002aa000 in ?? () >> #7 0x0000000000000000 in ?? () >=20 > I guess configuration using certificates is not tested enough. > It works stable for me but I use psk only. >=20 > You need to fix code yourself or stop using racoon with certificates. >=20 > _______________________________________________ > freebsd-stable@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-stable > To unsubscribe, send any mail to = "freebsd-stable-unsubscribe@freebsd.org" --Apple-Mail=_D033D56B-B392-432D-A5E6-74AF80C900FE Content-Disposition: attachment; filename=smime.p7s Content-Type: application/pkcs7-signature; name=smime.p7s Content-Transfer-Encoding: base64 MIAGCSqGSIb3DQEHAqCAMIACAQExDzANBglghkgBZQMEAgEFADCABgkqhkiG9w0BBwEAAKCCBSAw ggUcMIIEBKADAgECAhEAq2wFIs+rCK6H6/2jbblXhDANBgkqhkiG9w0BAQsFADCBlzELMAkGA1UE BhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgG A1UEChMRQ09NT0RPIENBIExpbWl0ZWQxPTA7BgNVBAMTNENPTU9ETyBSU0EgQ2xpZW50IEF1dGhl bnRpY2F0aW9uIGFuZCBTZWN1cmUgRW1haWwgQ0EwHhcNMTgwNDE0MDAwMDAwWhcNMjEwNDEzMjM1 OTU5WjBEMQswCQYDVQQGEwJOTDETMBEGA1UEAxMKUGV0ZXIgQmxvazEgMB4GCSqGSIb3DQEJARYR cGJsb2tAYnNkNGFsbC5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDPT/3evs2a zLSIVepGa9qFVcSISd5HzoJt9xAyQ4od7NM6Qzwm446OyhzWsIN/a6+nDNB4AxzSg00QXKx4afEa FrdLzmREEfv24f88j2UZYqHAls0j26jyED5FZ068xs4gWZBG2U7EVTUNNJuUrrmqBNZkGxTIrFrD Cgr1EpRULpN+HrEelHHh7uR0twAjvwcyXkG9DbDJXnw8HzKGR80ik4+13HDxx4mDxOY4NOvWSSiM kEFS2Z2AKtxXSMBQZHazAUvbka27c1m93/QsjnDF+P6Aef9NEvUDL9mU9Jbf/+5V+anT2KdPGP4p rQ9gA/Nup61qxDkwc+RupiXD5NSbAgMBAAGjggGzMIIBrzAfBgNVHSMEGDAWgBSCr2yM+MX+lmF8 6B89K3FIXsSLwDAdBgNVHQ4EFgQUjwe7n1zvxFkTeCUYWrsaJpOGP14wDgYDVR0PAQH/BAQDAgWg MAwGA1UdEwEB/wQCMAAwHQYDVR0lBBYwFAYIKwYBBQUHAwQGCCsGAQUFBwMCMEYGA1UdIAQ/MD0w OwYMKwYBBAGyMQECAQMFMCswKQYIKwYBBQUHAgEWHWh0dHBzOi8vc2VjdXJlLmNvbW9kby5uZXQv Q1BTMFoGA1UdHwRTMFEwT6BNoEuGSWh0dHA6Ly9jcmwuY29tb2RvY2EuY29tL0NPTU9ET1JTQUNs aWVudEF1dGhlbnRpY2F0aW9uYW5kU2VjdXJlRW1haWxDQS5jcmwwgYsGCCsGAQUFBwEBBH8wfTBV BggrBgEFBQcwAoZJaHR0cDovL2NydC5jb21vZG9jYS5jb20vQ09NT0RPUlNBQ2xpZW50QXV0aGVu dGljYXRpb25hbmRTZWN1cmVFbWFpbENBLmNydDAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuY29t b2RvY2EuY29tMA0GCSqGSIb3DQEBCwUAA4IBAQC85hVlqTVwt218IJR/WjMiMnDtZ7hY860XKjzO uB3sUUQwHxHj+ZYuMbAfVLZGGqh1EekbwDMVgkK9cezIHM+ZzxrNGX2SJyl1YW+3FLn52P0uIlmA VPFjUowf5qBhOHl2NJo+WXYZhQY7rT/xSygE81o3oLE/A4zO6WtO3PeZpFpZNrBvizAsjTDfPeXW iQzXz6NLrgwert0Wml95ov2rG5oCzHYPijabubSNm2NdUjPRtcVylcqAThXOvp6X4UvW8/L0uhkp 9WsKP2JEJ3Zukv7Ib+vMBsdE4tf4rmv89pQC+lLpD08ze/QDCIeFBCRIihcC2PycDQrnNIp1RAIh MYIDyjCCA8YCAQEwga0wgZcxCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0 ZXIxEDAOBgNVBAcTB1NhbGZvcmQxGjAYBgNVBAoTEUNPTU9ETyBDQSBMaW1pdGVkMT0wOwYDVQQD EzRDT01PRE8gUlNBIENsaWVudCBBdXRoZW50aWNhdGlvbiBhbmQgU2VjdXJlIEVtYWlsIENBAhEA q2wFIs+rCK6H6/2jbblXhDANBglghkgBZQMEAgEFAKCCAe0wGAYJKoZIhvcNAQkDMQsGCSqGSIb3 DQEHATAcBgkqhkiG9w0BCQUxDxcNMTkwNTA5MTE0MTM2WjAvBgkqhkiG9w0BCQQxIgQg3e/gusP3 KjhAq1Nio3kpTttoEFiMknOvetoWWJsQGh0wgb4GCSsGAQQBgjcQBDGBsDCBrTCBlzELMAkGA1UE BhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgG A1UEChMRQ09NT0RPIENBIExpbWl0ZWQxPTA7BgNVBAMTNENPTU9ETyBSU0EgQ2xpZW50IEF1dGhl bnRpY2F0aW9uIGFuZCBTZWN1cmUgRW1haWwgQ0ECEQCrbAUiz6sIrofr/aNtuVeEMIHABgsqhkiG 9w0BCRACCzGBsKCBrTCBlzELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3Rl cjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxPTA7BgNVBAMT NENPTU9ETyBSU0EgQ2xpZW50IEF1dGhlbnRpY2F0aW9uIGFuZCBTZWN1cmUgRW1haWwgQ0ECEQCr bAUiz6sIrofr/aNtuVeEMA0GCSqGSIb3DQEBAQUABIIBAKUyGJXeLYOh/2kMW2TpxRiUkty0MoH9 +SOBwlSVE8iNvYMvUgoN9I8N6QgAxluyg/BP0YlRjZ9XdRlUZWGG3suXCYk9eLcjJqdYpnZfZnMe pJJWRCL9SdclyVDMfYuxJQLNImnHrlwMvyeLeINtlxhKCMQUbCBcENc4bu2itzvZGYMMkPZ87BsX es/nLZXXBKarAGu+ef+5E4qADAC4ZCbOv5je+P0vwaPdd1IsBk55XOeR7Ce5nPv5NFqWx/8x6KGl Ept0RpoKVTACQQoIUrhNJ+9M85163p7WF6/GTPZmC6YtQ8VIWlNiTUJHJqO2jRrSP7QHyZEYj3Hz 5XaNG+0AAAAAAAA= --Apple-Mail=_D033D56B-B392-432D-A5E6-74AF80C900FE--