From owner-freebsd-stable@FreeBSD.ORG Thu Jan 1 23:41:18 2015 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 6249B2BE for ; Thu, 1 Jan 2015 23:41:18 +0000 (UTC) Received: from mx1.sbone.de (mx1.sbone.de [IPv6:2a01:4f8:130:3ffc::401:25]) (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits)) (Client CN "mx1.sbone.de", Issuer "SBone.DE" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 1702211B5 for ; Thu, 1 Jan 2015 23:41:17 +0000 (UTC) Received: from mail.sbone.de (mail.sbone.de [IPv6:fde9:577b:c1a9:31::2013:587]) (using TLSv1 with cipher ADH-CAMELLIA256-SHA (256/256 bits)) (No client certificate requested) by mx1.sbone.de (Postfix) with ESMTPS id 0551925D3892; Thu, 1 Jan 2015 23:41:13 +0000 (UTC) Received: from content-filter.sbone.de (content-filter.sbone.de [IPv6:fde9:577b:c1a9:31::2013:2742]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.sbone.de (Postfix) with ESMTPS id 0E1A8C7709A; Thu, 1 Jan 2015 23:41:13 +0000 (UTC) X-Virus-Scanned: amavisd-new at sbone.de Received: from mail.sbone.de ([IPv6:fde9:577b:c1a9:31::2013:587]) by content-filter.sbone.de (content-filter.sbone.de [fde9:577b:c1a9:31::2013:2742]) (amavisd-new, port 10024) with ESMTP id eloIsaosLVsE; Thu, 1 Jan 2015 23:41:11 +0000 (UTC) Received: from [IPv6:fde9:577b:c1a9:4410:5c3c:d71c:3abc:d59] (unknown [IPv6:fde9:577b:c1a9:4410:5c3c:d71c:3abc:d59]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.sbone.de (Postfix) with ESMTPSA id 0A2EBC77070; Thu, 1 Jan 2015 23:41:09 +0000 (UTC) Content-Type: text/plain; charset=utf-8 Mime-Version: 1.0 (Mac OS X Mail 8.1 \(1993\)) Subject: Re: IPSec and racoon issue... From: "Bjoern A. Zeeb" In-Reply-To: Date: Thu, 1 Jan 2015 23:40:36 +0000 Content-Transfer-Encoding: quoted-printable Message-Id: <620F82BB-1D53-4F2A-9C67-51D5EC3C3144@lists.zabbadoz.net> References: To: Chris Watson X-Mailer: Apple Mail (2.1993) Cc: freebsd-stable@freebsd.org X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 01 Jan 2015 23:41:18 -0000 > On 01 Jan 2015, at 04:36 , Chris Watson wrote: >=20 > So I have been running a stable ipsec tunnel between my MacBook Pro = and a > FreeBSD 10-stable server, I just rebuilt world today and raccoon has = become > pissy and refuses to start, and as usual with ipsec, debugging it is = like > winning gold in the pain olympics. So here's the issue, my working = config > has not changed at all. I'm simply running a new FreeBSD 10-stable = r276472 > world + kernel. I have looked all over at UPDATING, source commits to > stable, google, etc and I can=E2=80=99t figure this error out. Do you know the old revision as well, to limit the search time? > Anytime I try to start racoon it looks like it starts but it doesn't. = The > only error I can get is to run it with "racoon -F -ddd -f > /usr/local/etc/racoon/racoon.conf", and I get the following >=20 > "ERROR: libipsec failed pfkey open (Address family not supported by > protocol family) > racoon: failed to initialize pfkey socket" >=20 > Doing a "setkey -F" produces "pfkey_open: Address family not supported = by > protocol family=E2=80=9D That smells like a raw socket issue to me. But the only changes there = I can remember is that someone changed the source address selection but = nothing that would trigger this. You could turn net.inet.ipsec.debug to 0xff and check that there is = nothing in dmesg -a after trying to start racoon, just to rule that out. Also could you paste the output of `sysctl -a | grep ipsec` and `sysctl = -a net.key` just trying to make sure =E2=80=A6 ;-) =E2=80=94=20 Bjoern A. Zeeb Charles Haddon Spurgeon: "Friendship is one of the sweetest joys of life. Many might have failed beneath the bitterness of their trial had they not found a friend."