Date: Mon, 16 Feb 2004 13:57:50 +0000 (UTC) From: "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net> To: Tobias Roth <roth@iam.unibe.ch> Cc: freebsd-current@freebsd.org Subject: Re: state of ipsec Message-ID: <Pine.BSF.4.53.0402161344450.32493@e0-0.zab2.int.zabbadoz.net> In-Reply-To: <20040214235426.GA13792@speedy.unibe.ch> References: <20040214174144.GA13215@speedy.unibe.ch> <20040214235426.GA13792@speedy.unibe.ch>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, 15 Feb 2004, Tobias Roth wrote: > > Are you able to tcpdump ESP/AH traffic on both peers? Can you verify that > > the path between both peers doesn't filter this traffic? > > that's what i was trying to say. tcpdump does not show any outgoing packets > when doing phase 1, no packets leave the interface. it looks like this: > security policies are correctly set, racoon is configured correctly and > running, i start pinging, and no packets leave the interface. i drop the > security policies (/etc/rc.d/ipsec forcestop), and the pings immediately > get through. in racoon output this looks like phase 1 gets initiated but > since no reply packets come back, it timeouts. i have no packet filter > running. ok before any more people tell us that it does not work can you please give me the following details: a) what branch/date or release are you seeing these problems ? 5.2R is broken b) if you are using 5.2R can you please try 5.2.1-RC2/HEAD so that we definitively know that it is (not) another problem from those we had seen and almost fixed around 5.2R and report if it works there with the same setup ? c) if it still does not work please let me know. Additionally: if anybody is using 5.2.1-RC2/HEAD and had seen the problem before but can no logner reproduce it after the update please let us know too. -- Greetings Bjoern A. Zeeb bzeeb at Zabbadoz dot NeT 56 69 73 69 74 http://www.zabbadoz.net/
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.53.0402161344450.32493>