From owner-freebsd-hackers Wed May 10 18:27:16 2000
Date: Wed, 10 May 2000 18:27:11 -0700 (PDT)
From: Matthew Dillon
Message-Id: <200005110127.SAA61600@apollo.backplane.com>
To: hackers@FreeBSD.ORG
Subject: ipsec 'replay' syslog error messages after reboot of one host

Anybody an ipsec guru? I've set up an ipsec transport between two hosts, A and B, on an unsecure network; the setkey configuration file is included below.

It works fine until I reboot one host (A). After it has rebooted, any packets I send from A to B cause B to report 'replay packet' errors, and no packets get through. I have to re-run setkey on B in order for things to work again.

The question is: What am I forgetting to do? Or is this a bug in our IPSEC implementation?

    May 10 18:15:05 air /kernel: replay packet in IPv4 ESP input: packet(SPI=65537 src=192.168.254.28 dst=192.168.254.29) SA(SPI=65537 src=192.168.254.28 dst=192.168.254.29)
    May 10 18:15:41 air /kernel: replay packet in IPv4 ESP input: packet(SPI=65537 src=192.168.254.28 dst=192.168.254.29) SA(SPI=65537 src=192.168.254.28 dst=192.168.254.29)

-Matt
Matthew Dillon

    spdflush ;
    flush ;
    add 192.168.254.28 192.168.254.29 esp 0x10001 -E des-cbc "password" -A hmac-md5 "passwordpasswo!!" ;
    add 192.168.254.29 192.168.254.28 esp 0x10001 -E des-cbc "password" -A hmac-md5 "passwordpasswo!!" ;
    spdadd 192.168.254.28/32[any] 192.168.254.29/32[any] any -P out ipsec esp/tunnel/192.168.254.28-192.168.254.29/require ;
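
The symptom in the message above is consistent with how an ESP anti-replay window behaves when the sender of a manually keyed SA restarts its sequence counter at 1 while the receiver keeps its old window state. The C model below is an added example, not FreeBSD/KAME code and not part of the original post; the 32-packet window and all function names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define WINDOW 32u  /* assumed window size; the real value is per-SA */

struct replay_state {
    uint32_t last;    /* highest sequence number accepted so far */
    uint32_t bitmap;  /* bit i set => sequence (last - i) already seen */
};

/* Receiver-side check. Returns 1 if accepted, 0 if dropped as a replay. */
int replay_check_update(struct replay_state *rs, uint32_t seq)
{
    if (seq == 0)
        return 0;                        /* ESP sequence numbers start at 1 */
    if (seq > rs->last) {                /* newer packet: slide the window */
        uint32_t shift = seq - rs->last;
        rs->bitmap = (shift < WINDOW) ? ((rs->bitmap << shift) | 1u) : 1u;
        rs->last = seq;
        return 1;
    }
    uint32_t diff = rs->last - seq;
    if (diff >= WINDOW)
        return 0;                        /* left of the window: dropped */
    if (rs->bitmap & (1u << diff))
        return 0;                        /* duplicate inside the window */
    rs->bitmap |= 1u << diff;            /* late but new: accept and mark */
    return 1;
}

/* Host A sends `before` packets, reboots (its counter restarts at 1) and
 * sends `after` more; host B's SA state is never reset in between.
 * Returns how many post-reboot packets B accepts. */
int accepted_after_sender_reboot(uint32_t before, uint32_t after)
{
    struct replay_state rx = {0, 0};
    int ok = 0;
    for (uint32_t s = 1; s <= before; s++)
        replay_check_update(&rx, s);
    for (uint32_t s = 1; s <= after; s++)
        ok += replay_check_update(&rx, s);
    return ok;
}

int main(void)
{
    printf("accepted after reboot: %d of 100\n",
           accepted_after_sender_reboot(1000, 100));
    return 0;
}
```

In this model the receiver starts accepting traffic again only once the restarted counter passes the highest sequence number it had already seen, or once its own SA state is recreated, which is the effect of re-running setkey on B.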