From: "George Neville-Neil"
To: "Alexandr Krivulya"
Cc: freebsd-current@freebsd.org, jmg@funkthat.com
Subject: Re: IPSEC stop works after r285336
Date: Sun, 26 Jul 2015 14:39:51 -0400
Message-ID: <16ADAE9E-1CE1-4E52-8C68-BBE8CCB6B164@neville-neil.com>
In-Reply-To: <55B323F5.3030200@shurik.kiev.ua>
References: <55B099F6.8000004@shurik.kiev.ua> <20150724213839.GP78154@funkthat.com> <55B323F5.3030200@shurik.kiev.ua>

On 25 Jul 2015, at 1:51, Alexandr Krivulya wrote:

> 25.07.2015 00:38, John-Mark Gurney wrote:
>> Alexandr Krivulya wrote this message on Thu, Jul 23, 2015 at 10:38 +0300:
>>> I have IPSEC tunnel inside l2tp tunnel via mpd. After r285536 I see only
>>> outgoing esp packets on ng interface:
>> This change is -stable, not -current, but the change referenced below
>> is -current... Which one are you running?
>>
>> Also, the only ipsec related change after r285535 is r285770, though
>> that probably won't affect it... Could you possibly narrow the change
>> that broke things?
>>
>>> root@thinkpad:/usr/src # tcpdump -i ng0
>>> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
>>> listening on ng0, link-type NULL (BSD loopback), capture size 262144 bytes
>>> 10:35:27.331886 IP 10.10.10.2 > 10.10.10.1: ESP(spi=0x03081e58,seq=0x9a5), length 140
>>> 10:35:28.371707 IP 10.10.10.2 > 10.10.10.1: ESP(spi=0x03081e58,seq=0x9a6), length 140
>>> 10:35:29.443536 IP 10.10.10.2 > 10.10.10.1: ESP(spi=0x03081e58,seq=0x9a7), length 140
>>> 10:35:30.457370 IP 10.10.10.2 > 10.10.10.1: ESP(spi=0x03081e58,seq=0x9a8), length 140
>>> 10:35:31.475606 IP 10.10.10.2 > 10.10.10.1: ESP(spi=0x03081e58,seq=0x9a9), length 140
>>> 10:35:31.622315 IP 10.10.10.1.isakmp > 10.10.10.2.isakmp: isakmp: phase 2/others ? inf[E]
>>> 10:35:31.622544 IP 10.10.10.2.isakmp > 10.10.10.1.isakmp: isakmp: phase 2/others ? inf[E]
>>> 10:35:31.622658 IP 10.10.10.2.isakmp > 10.10.10.1.isakmp: isakmp: phase 2/others ? inf[E]
>>> 10:35:31.623933 IP 10.10.10.1.isakmp > 10.10.10.2.isakmp: isakmp: phase 2/others ? inf[E]
>>> 10:35:32.492349 IP 10.10.10.2 > 10.10.10.1: ESP(spi=0x03081e58,seq=0x9aa), length 140
>>> 10:35:33.509346 IP 10.10.10.2 > 10.10.10.1: ESP(spi=0x03081e58,seq=0x9ab), length 140
>>> 10:35:34.527187 IP 10.10.10.2 > 10.10.10.1: ESP(spi=0x03081e58,seq=0x9ac), length 140
>>> 10:35:35.539600 IP 10.10.10.2 > 10.10.10.1: ESP(spi=0x03081e58,seq=0x9ad), length 140
>>>
>>> With r285535 all works fine.
>
> Right commit is in subject - r285336.

There were two IPsec related commits after 285336. Either 285347 or
285526 could be the fix. If you're OK after those two commits then the
system is in correct working order.

Best,
George