Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 1 Jan 2015 23:40:36 +0000
From:      "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net>
To:        Chris Watson <bsdunix44@gmail.com>
Cc:        freebsd-stable@freebsd.org
Subject:   Re: IPSec and racoon issue...
Message-ID:  <620F82BB-1D53-4F2A-9C67-51D5EC3C3144@lists.zabbadoz.net>
In-Reply-To: <CAHnbxSQuFqHqLLP%2Bh62mChN4hnP9gkWb%2BtKFoeYpAxoo9zqpHw@mail.gmail.com>
References:  <CAHnbxSQuFqHqLLP%2Bh62mChN4hnP9gkWb%2BtKFoeYpAxoo9zqpHw@mail.gmail.com>
index | next in thread | previous in thread | raw e-mail 


> On 01 Jan 2015, at 04:36 , Chris Watson <bsdunix44@gmail.com> wrote:
> 
> So I have been running a stable ipsec tunnel between my MacBook Pro and a
> FreeBSD 10-stable server, I just rebuilt world today and raccoon has become
> pissy and refuses to start, and as usual with ipsec, debugging it is like
> winning gold in the pain olympics. So here's the issue, my working config
> has not changed at all. I'm simply running a new FreeBSD 10-stable r276472
> world + kernel. I have looked all over at UPDATING, source commits to
> stable, google, etc and I can’t figure this error out.

Do you know the old revision as well, to limit the search time?


> Anytime I try to start racoon it looks like it starts but it doesn't. The
> only error I can get is to run it with "racoon -F -ddd -f
> /usr/local/etc/racoon/racoon.conf", and I get the following
> 
> "ERROR: libipsec failed pfkey open (Address family not supported by
> protocol family)
> racoon: failed to initialize pfkey socket"
> 
> Doing a "setkey -F" produces "pfkey_open: Address family not supported by
> protocol family”


That smells like a raw socket issue to me.   But the only changes there I can remember is that someone changed the source address selection but nothing that would trigger this.

You could turn net.inet.ipsec.debug to 0xff and check that there is nothing in dmesg -a after trying to start racoon, just to rule that out.

Also could you paste the output of `sysctl -a | grep ipsec` and `sysctl -a net.key` just trying to make sure … ;-)


— 
Bjoern A. Zeeb                                  Charles Haddon Spurgeon:
"Friendship is one of the sweetest joys of life.  Many might have failed
 beneath the bitterness of their trial  had they not found a friend."
help

Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?620F82BB-1D53-4F2A-9C67-51D5EC3C3144>