Date: Mon, 16 Feb 2004 13:57:50 +0000 (UTC)
From: "Bjoern A. Zeeb"
To: Tobias Roth
cc: Bruce M Simpson
cc: freebsd-current@freebsd.org
Subject: Re: state of ipsec

On Sun, 15 Feb 2004, Tobias Roth wrote:

> > Are you able to tcpdump ESP/AH traffic on both peers? Can you verify that
> > the path between both peers doesn't filter this traffic?
>
> that's what i was trying to say. tcpdump does not show any outgoing packets
> when doing phase 1, no packets leave the interface. it looks like this:
> security policies are correctly set, racoon is configured correctly and
> running, i start pinging, and no packets leave the interface. i drop the
> security policies (/etc/rc.d/ipsec forcestop), and the pings immediately
> get through. in racoon output this looks like phase 1 gets initiated but
> since no reply packets come back, it timeouts. i have no packet filter
> running.

ok before any more people tell us that it does not work can you please
give me the following details:

a) what branch/date or release are you seeing these problems?
   5.2R is broken
b) if you are using 5.2R can you please try 5.2.1-RC2/HEAD so that
   we definitively know that it is (not) another problem from those
   we had seen and almost fixed around 5.2R and report if it works
   there with the same setup?
c) if it still does not work please let me know.

Additionally: if anybody is using 5.2.1-RC2/HEAD and had seen the
problem before but can no longer reproduce it after the update please
let us know too.

-- 
Greetings

Bjoern A. Zeeb    bzeeb at Zabbadoz dot NeT
56 69 73 69 74    http://www.zabbadoz.net/