Date: Mon, 23 Apr 2018 14:13:00 +0300 From: "Andrey V. Elsukov" <bu7cher@yandex.ru> To: Victor Gamov <vit@otcnet.ru>, freebsd-net@freebsd.org Subject: Re: multiple if_ipsec Message-ID: <92930ba6-828d-ecb5-ce37-36794ec80ef7@yandex.ru> In-Reply-To: <77c37ff9-8de3-dec0-176a-2b34db136bc5@otcnet.ru> References: <b859ed18-e511-3640-4662-4242a53d999c@otcnet.ru> <5e36ac3f-39ce-72c5-cd97-dd3c4cf551a7@yandex.ru> <30d1c5f9-56e7-c67b-43e1-e6f0457360a8@otcnet.ru> <c2cb415b-bcde-c714-9412-103e674ce673@yandex.ru> <77c37ff9-8de3-dec0-176a-2b34db136bc5@otcnet.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --LSbERtPFN0wsQAq0TWWNdbpNl8fk3Q5Ei Content-Type: multipart/mixed; boundary="MojZ1Byxkja8MWuf10zkndsNFEdtq8wsa"; protected-headers="v1" From: "Andrey V. Elsukov" <bu7cher@yandex.ru> To: Victor Gamov <vit@otcnet.ru>, freebsd-net@freebsd.org Message-ID: <92930ba6-828d-ecb5-ce37-36794ec80ef7@yandex.ru> Subject: Re: multiple if_ipsec References: <b859ed18-e511-3640-4662-4242a53d999c@otcnet.ru> <5e36ac3f-39ce-72c5-cd97-dd3c4cf551a7@yandex.ru> <30d1c5f9-56e7-c67b-43e1-e6f0457360a8@otcnet.ru> <c2cb415b-bcde-c714-9412-103e674ce673@yandex.ru> <77c37ff9-8de3-dec0-176a-2b34db136bc5@otcnet.ru> In-Reply-To: <77c37ff9-8de3-dec0-176a-2b34db136bc5@otcnet.ru> --MojZ1Byxkja8MWuf10zkndsNFEdtq8wsa Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: quoted-printable On 21.04.2018 19:16, Victor Gamov wrote: > When I change ipsec-interfaces creation order then only last created > interface worked fine again and previously configured interfaces does > not work. >=20 >=20 > And very interesting fact: when I ping from remote 10.10.98.5 for > example to FreeBSD 10.10.98.6 then no ICMP-request coming over > ipsec-interface but ICMP-reply outgoing via this ipsec-interface (but > not delivered to 10.10.98.5) >=20 >=20 > Any ideas? I'm lack of any ideas. For further debugging I need to see the output of # sysctl net. | grep ipsec # setkey -DP # setkey -D # ifconfig And probably racoon's logs. --=20 WBR, Andrey V. Elsukov --MojZ1Byxkja8MWuf10zkndsNFEdtq8wsa-- --LSbERtPFN0wsQAq0TWWNdbpNl8fk3Q5Ei Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQEzBAEBCAAdFiEE5lkeG0HaFRbwybwAAcXqBBDIoXoFAlrdv8AACgkQAcXqBBDI oXp0Bwf/e3Ch360VMuzK2bX+Bcbl3YLiAjDXbMzw80IMMSokXZJTblxFzCt+I9A7 JL/bOSoJIoIHaFlgFBqP6h2f/ii+GQvq+/DCjhDUk/bXD3UZcV8r1aCV1FKIj7hl elnPBj61vKiJKBOg+j1jBwdDWziLutfL+IzKf/C4JMIoOgEAcR03WxQXfoKAMdi2 G03PCrYEEx3vytQHRjmoD/lY/+6fWf3m5XPnv+LBqGKN5hGbHDPUTbvBlj6oq5Rd PMf29lmlMxz7MkIjQgX/9MTsZTDfvgRuA9fpF5TCC13vDDr+3BUh7SFYqpbbTmZf igpKXA9GjXFKAOL7/9kS7vP1Mb/JCw== =m8C1 -----END PGP SIGNATURE----- --LSbERtPFN0wsQAq0TWWNdbpNl8fk3Q5Ei--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?92930ba6-828d-ecb5-ce37-36794ec80ef7>