Date:      Thu, 9 Nov 2000 03:44:56 +1100
From:      "Chris Cason" <casonc@netplex.aussie.org>
To:        <freebsd-security@FreeBSD.ORG>
Subject:   IPSEC tunnels fail with -stable  kernel?
Message-ID:  <015601c049a3$5dd17980$023a1dac@dsat.net.au>

Hi,

I'm in a bit of a spot. I upgraded several FreeBSD 4.1 boxes via
cvsup (tracking stable) and rebuilt, and now my previously-working
IPSEC VPNs have stopped. The new kernel is at 4.2-BETA on the boxen
in question, the old varied but one was as recent as October 14.

I've done extensive testing and can find no obvious fault. The
transport mode works fine, I have no problems with that. But
the tunnels only seem to work one way; the packets leave the
sending box and arrive at the receiving one (according to tcpdump),
and are decoded by the kernel (according to netstat -sn there are
no errors and the counters increment as expected).

Yet the packets never seem to make it out of the kernel (or if they
do, I can't find out what happens to them). Nothing else had changed
in terms of my system configuration. Forwarding is still enabled and
ipfw is not blocking the data.

Has anyone else seen this? Any suggestions?

-- Chris



