From owner-freebsd-stable@FreeBSD.ORG Fri Jan 2 02:27:24 2015 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id D97C4E7B for ; Fri, 2 Jan 2015 02:27:24 +0000 (UTC) Received: from mx1.sbone.de (bird.sbone.de [46.4.1.90]) (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits)) (Client CN "mx1.sbone.de", Issuer "SBone.DE" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 8B4B964824 for ; Fri, 2 Jan 2015 02:27:23 +0000 (UTC) Received: from mail.sbone.de (mail.sbone.de [IPv6:fde9:577b:c1a9:31::2013:587]) (using TLSv1 with cipher ADH-CAMELLIA256-SHA (256/256 bits)) (No client certificate requested) by mx1.sbone.de (Postfix) with ESMTPS id EF16025D3A42; Fri, 2 Jan 2015 02:27:20 +0000 (UTC) Received: from content-filter.sbone.de (content-filter.sbone.de [IPv6:fde9:577b:c1a9:31::2013:2742]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.sbone.de (Postfix) with ESMTPS id 23A48C770F1; Fri, 2 Jan 2015 02:27:20 +0000 (UTC) X-Virus-Scanned: amavisd-new at sbone.de Received: from mail.sbone.de ([IPv6:fde9:577b:c1a9:31::2013:587]) by content-filter.sbone.de (content-filter.sbone.de [fde9:577b:c1a9:31::2013:2742]) (amavisd-new, port 10024) with ESMTP id GbPn9ZQvIU1A; Fri, 2 Jan 2015 02:27:18 +0000 (UTC) Received: from [IPv6:fde9:577b:c1a9:4410:5c3c:d71c:3abc:d59] (unknown [IPv6:fde9:577b:c1a9:4410:5c3c:d71c:3abc:d59]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.sbone.de (Postfix) with ESMTPSA id 6C25CC77042; Fri, 2 Jan 2015 02:27:17 +0000 (UTC) Content-Type: text/plain; charset=utf-8 Mime-Version: 1.0 (Mac OS X Mail 8.1 \(1993\)) Subject: Re: IPSec and racoon issue... From: "Bjoern A. Zeeb" In-Reply-To: Date: Fri, 2 Jan 2015 02:26:44 +0000 Content-Transfer-Encoding: quoted-printable Message-Id: <7A7DD8BC-D990-4C6A-8452-F8336ECB7D08@lists.zabbadoz.net> References: <620F82BB-1D53-4F2A-9C67-51D5EC3C3144@lists.zabbadoz.net> To: Chris Watson X-Mailer: Apple Mail (2.1993) Cc: freebsd-stable@freebsd.org X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 02 Jan 2015 02:27:24 -0000 > On 02 Jan 2015, at 02:12 , Chris Watson wrote: >=20 > Bjoern, >=20 > Well now the puzzle deepens. I noticed about 5 minutes before your = email came through I have NO *ipsec* or *net.key* sysctls.=20 >=20 > It's like the crypto subsystem isn't getting pulled in to my kernel = compile, even though its in the config. Whaaaat? I wonder if my src tree = is jacked. But how could the kernel build if it didn't have all the bits = that are in my kernel config? Maybe I pulled a src update in the middle = of someones commit? This is really weird. >=20 > Kernel Config of the server in question: >=20 > # $FreeBSD: stable/10/sys/amd64/conf/GENERIC 272313 2014-09-30 = 16:55:19Z bz $ >=20 > cpu HAMMER > ident PRIYANKA >=20 > =E2=80=A6. > # IPSec support > options IPSEC # Enable IPSec support > device crypto # Use the Crypto framework > device cryptodev=20 > options IPSEC_FILTERTUNNEL # Allowing packet filtering on = tunneled packets > device enc # Support for the = encapsulating interface Good. So this is a kernel build/install issue after all. You sure you did build and installed the right kernel config (did you = save this with a different name than GENERIC?); check uname for what = you are running. =E2=80=94=20 Bjoern A. Zeeb Charles Haddon Spurgeon: "Friendship is one of the sweetest joys of life. Many might have failed beneath the bitterness of their trial had they not found a friend."