Message-ID: <55A5E49D.1060000@norma.perm.ru>
Date: Wed, 15 Jul 2015 09:42:05 +0500
From: "Eugene M. Zheganin"
To: FreeBSD-STABLE Mailing List
Subject: ipsec broken again

Hi.

As soon as I upgraded one of my ipsec routers to recent stable (10.2-BETA1 #0 r285524) it stopped working as a security gateway. Ipsec traffic is passed out and received in, SAs are in place, but nothing happens upon receipt (I run gre over ipsec, so the gre interface doesn't see any incoming packets). The last revision I have with ipsec working (probably not the last in general) was r282461.

Could someone please look into this?

Thanks.
Eugene.