Date: Sun, 22 Apr 2001 10:31:14 +0900
From: itojun@iijlab.net
To: Gunther Schadow <gunther@aurora.regenstrief.org>
Cc: freebsd-net@freebsd.org
Subject: Re: KAME SPD bug, please try and confirm ...
Message-ID: <19829.987903074@itojun.org>
In-Reply-To: gunther's message of Thu, 19 Apr 2001 04:11:25 GMT. <3ADE656D.3A0BDD0@aurora.regenstrief.org>

>[Sorry I resend this because it seems as if my subject line
>was turning everyone off from looking at this.]
>Below is what could be a cookbook recipe for IPsec tunnels. However,
>unfortunately it's a bug report. I would like some of you to try
>this out and confirm the problem for me, maybe find the error on
>my part, or make suggestions on how to work around this problem.

sorry that we did not make any useful responses, some of the kame
guys (mainly sakane) are trying to repeat the symptom.

i ran a small test with slightly different setup on both
NetBSD 1.5.1_BETA and NetBSD 1.5 + KAME SNAP 2001042x, and
the problem did not repeat.

i'm just guessing, but it seems that there could be some problem with
your routing table setup. you are doing things like:

>aip=10.10.10.1
>bip=10.10.10.2
>aipsec=10.99.10
>bipsec=10.99.20
>ifconfig ${if} inet alias ${aip} netmask 0xffffff00
>ifconfig lo0 inet alias ${aipsec}.1 netmask 0xffffff00
>route add -net ${bipsec}.0/24 ${aipsec}.1

why do you need the routing setup, and why do you need the address
${aipsec}.1 onto the loopback interface? if you want to control
the source address selection, you may need to use route -ifa settings
instead.

a network diagram would be very helpful here. I guess you are trying
to configure single ethernet segment to have two IP subnet numbers
(10.99.10.0/24 and 10.10.10.0/24 are on the same network interface,
right?). I really don't recommend doing that. get an extra ethernet
card or two and make the device a proper firewall router.

>If you have an older KAME release, you may not see this bug
>instantaneously, instead you will notice a kernel panic when
>running the network for some time under higher load (~ 2 Mb/s).

is the following description correct?
- FreeBSD 4.2-RELEASE is not affected
- FreeBSD 4.2-RELEASE + KAME SNAP 200103xx has problem, but no kernel panic
- FreeBSD 4.2-RELEASE + KAME SNAP 200104xx has problem, with kernel panic

if you can get a kernel stack trace on panic, it would be really useful.

itojun