From owner-freebsd-current@FreeBSD.ORG  Mon Oct  4 16:25:12 2004
Return-Path: <owner-freebsd-current@FreeBSD.ORG>
Delivered-To: freebsd-current@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id ADB5F16A4CE
	for <freebsd-current@freebsd.org>;
	Mon,  4 Oct 2004 16:25:12 +0000 (GMT)
Received: from transport.cksoft.de (transport.cksoft.de [62.111.66.27])
	by mx1.FreeBSD.org (Postfix) with ESMTP id E13A443D41
	for <freebsd-current@freebsd.org>;
	Mon,  4 Oct 2004 16:25:11 +0000 (GMT)
	(envelope-from bzeeb-lists@lists.zabbadoz.net)
Received: from transport.cksoft.de (localhost [127.0.0.1])
	by transport.cksoft.de (Postfix) with ESMTP
	id D0F651FF931; Mon,  4 Oct 2004 18:25:07 +0200 (CEST)
Received: by transport.cksoft.de (Postfix, from userid 66)
	id 85C1A1FF91D; Mon,  4 Oct 2004 18:25:05 +0200 (CEST)
Received: by mail.int.zabbadoz.net (Postfix, from userid 1060)
	id ECD9D15710; Mon,  4 Oct 2004 16:20:42 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
	by mail.int.zabbadoz.net (Postfix) with ESMTP
	id EA12F1570F; Mon,  4 Oct 2004 16:20:42 +0000 (UTC)
Date: Mon, 4 Oct 2004 16:20:42 +0000 (UTC)
From: "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net>
X-X-Sender: bz@e0-0.zab2.int.zabbadoz.net
To: Sergey Smitienko <hunter@comsys.com.ua>
In-Reply-To: <027201c4aa0e$d6021020$13caa8c0@aa.com>
Message-ID: <Pine.BSF.4.53.0410041611160.46049@e0-0.zab2.int.zabbadoz.net>
References: <027201c4aa0e$d6021020$13caa8c0@aa.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Virus-Scanned: by AMaViS cksoft-s20020300-20031204bz on transport.cksoft.de
cc: freebsd-current@freebsd.org
Subject: Re: FreeBSD 5.3 IPSec
X-BeenThere: freebsd-current@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Discussions about the use of FreeBSD-current
	<freebsd-current.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
	<mailto:freebsd-current-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-current>
List-Post: <mailto:freebsd-current@freebsd.org>
List-Help: <mailto:freebsd-current-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
	<mailto:freebsd-current-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 04 Oct 2004 16:25:12 -0000

On Mon, 4 Oct 2004, Sergey Smitienko wrote:

Hi,

> I'm having problem with an IPSec connection between two test hosts running
> 5.3-BETA3 using isakmpd.
> Both kernels are GENERIC with IPSEC/IPSEC_ESP options additions. As far as I
> understand from
> the isakmpd debug output it does negotiate a connection and then fails to
> setup kernel to use encryption
> between this two hosts.

looks like the same problem a lot of racoon users had seen. It should
go away if you update to BETA7 or apply following patch:
http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/netkey/key.c.diff?r1=1.65.2.1&r2=1.65.2.2

If updating or patching is not an option you need to at least compile
a new kernel. The workaround was to compile the kernel with MSIZE=512 I
think. You should be able to find it in the archives of last month
from current@.

-- 
Greetings
Bjoern A. Zeeb				bzeeb at Zabbadoz dot NeT