From owner-svn-src-stable-11@freebsd.org  Tue Apr  4 13:24:07 2017
Return-Path: <owner-svn-src-stable-11@freebsd.org>
Delivered-To: svn-src-stable-11@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 41A49D2DAF2;
 Tue,  4 Apr 2017 13:24:07 +0000 (UTC) (envelope-from mike@sentex.net)
Received: from smarthost2.sentex.ca (smarthost2.sentex.ca [205.211.164.50])
 (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits))
 (Client CN "smarthost.sentex.ca", Issuer "smarthost.sentex.ca" (not verified))
 by mx1.freebsd.org (Postfix) with ESMTPS id 0E4B66A9;
 Tue,  4 Apr 2017 13:24:06 +0000 (UTC) (envelope-from mike@sentex.net)
Received: from lava.sentex.ca (lava.sentex.ca [IPv6:2607:f3e0:0:5::11])
 by smarthost2.sentex.ca (8.15.2/8.15.2) with ESMTPS id v34DO0C6006976
 (version=TLSv1 cipher=DHE-RSA-CAMELLIA256-SHA bits=256 verify=NO);
 Tue, 4 Apr 2017 09:24:00 -0400 (EDT) (envelope-from mike@sentex.net)
Received: from [IPv6:2607:f3e0:0:4:5c30:ed1b:e203:c55c]
 ([IPv6:2607:f3e0:0:4:5c30:ed1b:e203:c55c])
 by lava.sentex.ca (8.15.2/8.15.2) with ESMTP id v34DNxPc023432;
 Tue, 4 Apr 2017 09:23:59 -0400 (EDT) (envelope-from mike@sentex.net)
Subject: Re: svn commit: r315514 - in stable/11: . contrib/netcat lib/libipsec
 sbin/ifconfig sbin/ipfw sbin/setkey share/man/man4 sys/conf
 sys/libkern
 sys/modules sys/modules/ipsec sys/modules/tcp/tcpmd5 sys/ne...
To: "Andrey V. Elsukov" <bu7cher@yandex.ru>,
 FreeBSD-STABLE Mailing List <freebsd-stable@freebsd.org>,
 svn-src-stable-11@freebsd.org
References: <201703182204.v2IM4Kfj060263@repo.freebsd.org>
 <7738349f-e89a-d37d-e36f-0a5e18dc4249@sentex.net>
 <cdff758c-e7d7-d22d-512e-2137ba70e78a@yandex.ru>
 <a3ee1736-ca0b-76dc-0561-6bd27dd79071@sentex.net>
 <2aa232b9-df57-3512-ae98-1d4b03bb00d4@yandex.ru>
From: Mike Tancsa <mike@sentex.net>
Organization: Sentex Communications
Message-ID: <6f65e093-cbcb-ff02-3e62-a0aac0c7f303@sentex.net>
Date: Tue, 4 Apr 2017 09:23:47 -0400
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101
 Thunderbird/45.8.0
MIME-Version: 1.0
In-Reply-To: <2aa232b9-df57-3512-ae98-1d4b03bb00d4@yandex.ru>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Scanned-By: MIMEDefang 2.78
X-BeenThere: svn-src-stable-11@freebsd.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: SVN commit messages for only the 11-stable src tree
 <svn-src-stable-11.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-src-stable-11>, 
 <mailto:svn-src-stable-11-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-stable-11/>
List-Post: <mailto:svn-src-stable-11@freebsd.org>
List-Help: <mailto:svn-src-stable-11-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-src-stable-11>, 
 <mailto:svn-src-stable-11-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 04 Apr 2017 13:24:07 -0000

On 4/4/2017 7:18 AM, Andrey V. Elsukov wrote:
> On 04.04.2017 13:55, Mike Tancsa wrote:
>>> You have many SAs with the same destination address, it seems to me,
>>> that this should not work with old IPsec code, because it uses SA
>>> lookups using only destination address. So, if you have not the same
>>> password for each SA, it should not work.
>>>
>>> Can you try the attached patch?

Thanks, the patch works!  I am able to load all 42 rules now.  I am
going to test them in the lab against a few VMs prior to deployment.

	---Mike

-- 
-------------------
Mike Tancsa, tel +1 519 651 3400
Sentex Communications, mike@sentex.net
Providing Internet services since 1994 www.sentex.net
Cambridge, Ontario Canada   http://www.tancsa.com/