Date: Mon, 05 Sep 2011 21:52:42 -0400
From: Mike Tancsa <mike@sentex.net>
To: Mikhail Goriachev <mikhailg@webanoide.org>
Cc: freebsd-questions@freebsd.org
Subject: Re: IPsec phase 1 and 2 negotiation in an infinite loop.
Message-ID: <4E657CEA.7080300@sentex.net>
In-Reply-To: <8d457de47ed92550a511265436c183f9.squirrel@www.vap.navalradio.net>
References: <8d457de47ed92550a511265436c183f9.squirrel@www.vap.navalradio.net>

On 9/5/2011 8:06 PM, Mikhail Goriachev wrote:
> Hi,
>
> Can anyone please comment/shed some light/give hints on the following?:
>
> I've got a VPN cranking between 8.2-RELEASE-p2 (my end) and an unknown
> appliance (the other party doesn't want to disclose specs). Everything
> works just fine and I had a stable and fully established connection for 4
> months without a problem. However, today the tunnel went down.
>
> I'm using FreeBSD's IPsec and ipsec-tools-0.8.0_2 (racoon). Everything's
> up to date. The thing is, according to tcpdump, it seems that both
> machines are trying to get beyond phases 1 and 2 in an infinite loop:
>
>
> 00:00:04.024146 00:11:22:33:44:55 > 55:44:33:22:11:00, ethertype IPv4 (0x0800), length 378: 1.2.3.4.5.500 > 5.4.3.2.1.500: isakmp: phase 1 I ident
> 00:00:01.800582 55:44:33:22:11:00 > 00:11:22:33:44:55, ethertype IPv4 (0x0800), length 126: 5.4.3.2.1.500 > 1.2.3.4.5.500: isakmp: phase 1 R ident
>
> Configuration files and logs are available on request.

post a dozen lines of

tcpdump -s0 -vvvv -ni <external int> port 500

As well as the racoon logs and config as well as

setkey -DP

	---Mike

-- 
-------------------
Mike Tancsa, tel +1 519 651 3400
Sentex Communications, mike@sentex.net
Providing Internet services since 1994 www.sentex.net
Cambridge, Ontario Canada http://www.tancsa.com/