From owner-freebsd-security  Wed Oct 31 22: 5:19 2001
Delivered-To: freebsd-security@freebsd.org
Received: from athena.za.net (athena.za.net [196.30.167.200])
	by hub.freebsd.org (Postfix) with ESMTP id D64AD37B403
	for <freebsd-security@freebsd.org>; Wed, 31 Oct 2001 22:05:15 -0800 (PST)
Received: from jus (helo=localhost)
	by athena.za.net with local-esmtp (Exim 3.22 #1)
	id 15zAvF-000GyO-00; Thu, 01 Nov 2001 08:01:49 +0200
Date: Thu, 1 Nov 2001 08:01:49 +0200 (SAST)
From: Justin Stanford <jus@security.za.net>
X-Sender: jus@athena.za.net
To: Shoichi Sakane <sakane@kame.net>
Cc: freebsd-security@freebsd.org
Subject: Re: Upgrade to 4.4-STABLE introduces IPSec problems..?
In-Reply-To: <20011029231139L.sakane@kame.net>
Message-ID: <Pine.BSF.4.21.0111010800500.17108-100000@athena.za.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

Well, I have done as suggested.. all that happens is that the inbound and
output IPSec packet counters go up, but stop when the stream
stalls. Packetflow returns to normal as soon as I flush all IPSec rules on
both machines.

Any ideas..?

--
Justin Stanford
Internet/Network Security & Solutions Consultant
4D Digital Security
http://www.4dds.co.za
Cell: (082) 7402741
E-Mail: jus@security.za.net
PGP Key: http://www.security.za.net/jus-pgp-key.txt

On Mon, 29 Oct 2001, Shoichi Sakane wrote:

> > > freebsd4.4-release has no problem in the transport mode case.
> > > did you have any message in the system log, or did netstat talk anything ?
> > Nothing in the system logs that I could find.. what netstat output
> > specifically are you wanting?
> 
> i recommend you to compare the output of "netstat -s" on the both vpn box,
> between before sending a packet from the vpn to the another one,
> and after the packet goes somewhere.
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
> 
> 


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message