From owner-freebsd-users-jp@freebsd.org Tue Sep 12 00:21:26 2017
From: ilovefd
Date: Tue, 12 Sep 2017 09:17:31 +0900
To: freebsd-users-jp@freebsd.org
Message-Id: <4C500F21-4165-49D9-A714-87B2FC9D24A6@topaz.plala.or.jp>
Subject: [FreeBSD-users-jp 96111] On Freebsd11.1, portmaster -d x11/slim x11-themes/slim-themes gives an error; is there a workaround?

My name is Nishimura.

Thank you in advance for your help.

I would appreciate any information on the following.

The motherboard is a Gigabyte N3050N-D3H.

On a fresh install of freebsd11.1, I am following

http://silversack.my.coocan.jp/bsd/mate10x-buildmate.htm

to install MATE, but pkg gave an error, so I ran

portmaster -d x11/slim x11-themes/slim-themes

and it complains that Nasa-2.13.01-tar.xz, libjpeg-turbo-1.5.2.tar.gz and so on cannot be fetched.

If I pick them up from somewhere like linuxfromscratch and put them in /urs/ports/distfiles, it gets a little further, but I got stuck at libjpeg-turbo-1.5.2.tar.gz. No matter how many times I put the file there, it seems to be deleted, and in the end it complains that the file is "not found".

Does this mean that support has been discontinued?

From owner-freebsd-users-jp@freebsd.org Tue Sep 12 02:57:29 2017
From: Koh-ichi Oniuda
Date: Tue, 12 Sep 2017 11:48:06 +0900 (JST)
To: freebsd-users-jp@freebsd.org
Message-Id: <20170912.114806.696099016890246140.oniuda@oni.gr.jp>
Subject: [FreeBSD-users-jp 96112] IPSec on FreeBSD 11.1-RELEASE-p1

This is Oniuda.

I installed /usr/ports/security/ipsec-tools on FreeBSD 11.1-RELEASE-p1 and am trying to set up an IPSec VPN between two FreeBSD machines. I have used ipsec-tools continuously from the FreeBSD4 days through FreeBSD9, but on FreeBSD11 the connection does not come up with a similar configuration.

The following error (pfkey UPDATE failed: No such process) is recorded in the racoon log.

DEBUG: pk_recv: retry[0] recv()
DEBUG: got pfkey UPDATE message
ERROR: pfkey UPDATE failed: No such process
DEBUG: pk_recv: retry[0] recv()
DEBUG: got pfkey ADD message
INFO: IPsec-SA established: ESP 192.168.16.3[500]->192.168.16.2[500] spi=40609554(0x26ba712)

In addition, the following kernel messages are displayed.

key_acqdone: ACQ 3802949569 is not found.
key_acqdone: ACQ 528895646 is not found.
key_update: invalid state.
key_update: saidx mismatched for SPI 133341799
key_add: invalid state.

On FreeBSD 9, the pfkey UPDATE failed: No such process error did not occur.

setkey on the server side, 192.168.16.3:

# setkey -D
192.168.16.3 192.168.16.2
        esp mode=any spi=85290753(0x05156f01) reqid=0(0x00000000)
        E: 3des-cbc 1aaa44a3 0895b138 999b20f7 09ba3b7d 55f47cf8 a573bfaa
        A: hmac-sha1 2932e89a ca480ba0 87cabbaf 40a67c76 b5768e8c
        seq=0x00000000 replay=4 flags=0x00000000 state=mature
        created: Sep 12 11:39:02 2017 current: Sep 12 11:39:03 2017
        diff: 1(s) hard: 28800(s) soft: 23040(s)
        last: hard: 0(s) soft: 0(s)
        current: 0(bytes) hard: 0(bytes) soft: 0(bytes)
        allocated: 0 hard: 0 soft: 0
        sadb_seq=1 pid=9023 refcnt=1
192.168.16.2 192.168.16.3
        esp mode=tunnel spi=109578375(0x06880887) reqid=0(0x00000000)
        seq=0x00000000 replay=0 flags=0x00000000 state=larval
        created: Sep 12 11:39:02 2017 current: Sep 12 11:39:03 2017
        diff: 1(s) hard: 0(s) soft: 0(s)
        last: hard: 0(s) soft: 0(s)
        current: 0(bytes) hard: 0(bytes) soft: 0(bytes)
        allocated: 0 hard: 0 soft: 0
        sadb_seq=0 pid=9023 refcnt=1

So the SPI exchange appears to succeed, but the information for the 192.168.16.2 192.168.16.3 side is incomplete, and the result is

2017-09-12 11:39:33: ERROR: 192.168.16.2 give up to get IPsec-SA due to time up to wait.

The same symptom seems to be reported here as well:

https://groups.google.com/forum/#!topic/fido7.ru.unix.bsd/YhEK6_50fCs

If there is a fix or workaround, please let me know.

---
Oniuda
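
Added example, not part of the original post or of ipsec-tools: a small Python parser for `setkey -D` output that lists SAs which are not mature or have no algorithms installed, the condition the IPSec message above shows for 192.168.16.2 -> 192.168.16.3. The sample input is constructed from the layout in the post with key bytes zeroed and timer lines trimmed; the function names are this example's own.

```python
import re

# Constructed sample modelled on the `setkey -D` layout in the post (keys zeroed).
SAMPLE = """\
192.168.16.3 192.168.16.2
\tesp mode=any spi=85290753(0x05156f01) reqid=0(0x00000000)
\tE: 3des-cbc  00000000 00000000 00000000 00000000 00000000 00000000
\tA: hmac-sha1  00000000 00000000 00000000 00000000 00000000
\tseq=0x00000000 replay=4 flags=0x00000000 state=mature
192.168.16.2 192.168.16.3
\tesp mode=tunnel spi=109578375(0x06880887) reqid=0(0x00000000)
\tseq=0x00000000 replay=0 flags=0x00000000 state=larval
"""

HEAD = re.compile(r"^(\S+)\s+(\S+)$")            # "src dst" starts an SA entry
PROTO = re.compile(r"^\s+(esp|ah)\S*\s+mode=(\S+)\s+spi=\d+\((0x[0-9a-f]+)\)")
STATE = re.compile(r"\bstate=(\w+)")

def parse_sad(text):
    """Return one dict per SA found in `setkey -D` output."""
    sas = []
    for line in text.splitlines():
        if line and not line[0].isspace():
            m = HEAD.match(line)
            if m:
                sas.append({"src": m[1], "dst": m[2], "enc": None,
                            "auth": None, "state": None})
            continue
        if not sas:
            continue
        sa = sas[-1]
        if (m := PROTO.match(line)):
            sa.update(proto=m[1], mode=m[2], spi=m[3])
        elif line.lstrip().startswith("E:"):
            sa["enc"] = line.split()[1]
        elif line.lstrip().startswith("A:"):
            sa["auth"] = line.split()[1]
        elif (m := STATE.search(line)):
            sa["state"] = m[1]
    return sas

def incomplete(sas):
    """SAs that cannot carry traffic: not mature, or no algorithms installed."""
    return [sa for sa in sas
            if sa["state"] != "mature" or (sa["enc"] is None and sa["auth"] is None)]

if __name__ == "__main__":
    for sa in incomplete(parse_sad(SAMPLE)):
        print(f'{sa["src"]} -> {sa["dst"]} spi={sa.get("spi")} state={sa["state"]}')
```

On a live host the same functions can be fed the text captured from `setkey -D` instead of SAMPLE.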