From owner-freebsd-stable@FreeBSD.ORG Fri Jan 2 02:59:30 2015 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 018B4355 for ; Fri, 2 Jan 2015 02:59:29 +0000 (UTC) Received: from mail-ie0-x235.google.com (mail-ie0-x235.google.com [IPv6:2607:f8b0:4001:c03::235]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id AEB2E64DBC for ; Fri, 2 Jan 2015 02:59:29 +0000 (UTC) Received: by mail-ie0-f181.google.com with SMTP id rl12so14514959iec.40 for ; Thu, 01 Jan 2015 18:59:28 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=++Z9vpp2AiZfff0ODcOZhDwokZnW/U/qX21ICFzvQeA=; b=eYcd/DXlF+F+WggZXjbwK672u9U9ClI6Ye+mu+O58B4OebT9yuBdHCPixvO0Qz7e0r P2WJ93G8mMNKrcdNezs7lAKDF6qErGh8al+kDqpUFVY9a9/QRqZdPmEqp6xVc8pkz/Oj PWbn2CAP1SdgC6aMvc11XJEWIYctnj9y2mZIRg1OKJ8esptaj/WgWM5rdTTRQ2EZNouO ApmdKlXQ1hUfcqOXHgw1vbZdWB+P0HDzxOOii9u1jawtVoC9+iDngjPn6brIBxrFHt9a iTgXP4eQUzoLej/C3KymSNCQpOyrfJftpw54hkhqvVuVNk8j8UxX1zcldcQ84WertlmG 1glw== MIME-Version: 1.0 X-Received: by 10.107.10.207 with SMTP id 76mr65509087iok.78.1420167568876; Thu, 01 Jan 2015 18:59:28 -0800 (PST) Received: by 10.64.126.133 with HTTP; Thu, 1 Jan 2015 18:59:28 -0800 (PST) In-Reply-To: <7A7DD8BC-D990-4C6A-8452-F8336ECB7D08@lists.zabbadoz.net> References: <620F82BB-1D53-4F2A-9C67-51D5EC3C3144@lists.zabbadoz.net> <7A7DD8BC-D990-4C6A-8452-F8336ECB7D08@lists.zabbadoz.net> Date: Thu, 1 Jan 2015 20:59:28 -0600 Message-ID: Subject: Re: IPSec and racoon issue... From: Chris Watson To: "Bjoern A. Zeeb" Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable X-Content-Filtered-By: Mailman/MimeDel 2.1.18-1 Cc: freebsd-stable@freebsd.org X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 02 Jan 2015 02:59:30 -0000 Horribly, embarrassingly, humbly, I have to confess to doing exactly what you were just about to drop the hammer on me for doing. My memory from last night is a little fuzzy from NYE. But after thinking about it I think I used "MYKERNCONF=3D" instead of "KERNCONF=3D" while building the kernel. An= d sure enough you know exactly what happens then. A GENERIC kernel. It's been a while since I have done anything that dumb. I didn't even think to check the kernel. I kept looking at everything else, src, UPDATING, commits, etc. Now I am going to have to go back to IRC and help 10 others with FreeBSD issues as penance. Thanks for the gentle clue stick slap in the head Bjoern! Chris On Thu, Jan 1, 2015 at 8:26 PM, Bjoern A. Zeeb < bzeeb-lists@lists.zabbadoz.net> wrote: > > > On 02 Jan 2015, at 02:12 , Chris Watson wrote: > > > > Bjoern, > > > > Well now the puzzle deepens. I noticed about 5 minutes before your emai= l > came through I have NO *ipsec* or *net.key* sysctls. > > > > It's like the crypto subsystem isn't getting pulled in to my kernel > compile, even though its in the config. Whaaaat? I wonder if my src tree = is > jacked. But how could the kernel build if it didn't have all the bits tha= t > are in my kernel config? Maybe I pulled a src update in the middle of > someones commit? This is really weird. > > > > Kernel Config of the server in question: > > > > # $FreeBSD: stable/10/sys/amd64/conf/GENERIC 272313 2014-09-30 16:55:19= Z > bz $ > > > > cpu HAMMER > > ident PRIYANKA > > > > =E2=80=A6. > > > # IPSec support > > options IPSEC # Enable IPSec support > > device crypto # Use the Crypto framework > > device cryptodev > > options IPSEC_FILTERTUNNEL # Allowing packet filtering on > tunneled packets > > device enc # Support for the encapsulating > interface > > Good. So this is a kernel build/install issue after all. > > You sure you did build and installed the right kernel config (did you sav= e > this with a different name than GENERIC?); check uname for what you are > running. > > =E2=80=94 > Bjoern A. Zeeb Charles Haddon Spurgeon: > "Friendship is one of the sweetest joys of life. Many might have failed > beneath the bitterness of their trial had they not found a friend." > >