From owner-freebsd-security Wed Nov 8 8:46:11 2000
Message-ID: <015601c049a3$5dd17980$023a1dac@dsat.net.au>
From: "Chris Cason"
To:
Subject: IPSEC tunnels fail with -stable kernel?
Date: Thu, 9 Nov 2000 03:44:56 +1100
Sender: owner-freebsd-security@FreeBSD.ORG

Hi,

I'm in a bit of a spot. I upgraded several FreeBSD 4.1 boxes via cvsup (tracking stable) and rebuilt, and now my previously-working IPSEC VPNs have stopped. The new kernel is at 4.2-BETA on the boxen in question; the old varied but one was as recent as October 14.

I've done extensive testing and can find no obvious fault. The transport mode works fine, I have no problems with that. But the tunnels only seem to work one way; the packets leave the sending box and arrive at the receiving one (according to tcpdump), and are decoded by the kernel (according to netstat -sn there are no errors and the counters increment as expected). Yet the packets never seem to make it out of the kernel (or if they do, I can't find out what happens to them).

Nothing else had changed in terms of my system configuration. Forwarding is still enabled and ipfw is not blocking the data.

Has anyone else seen this? Any suggestions?

--
Chris