Re: Possible IPsec Trouble in 5.2RC?

From: Crist J. Clark <cristjc_at_comcast.net>
Date: Sun, 21 Dec 2003 20:18:01 -0800
On Fri, Dec 19, 2003 at 06:32:32AM -0800, Nathan Kay wrote:
> On Thu, Dec 18, 2003 at 10:49:32PM -0800, Crist J. Clark wrote:
> > IPsec does work, however. When I manually load up the SAD with
> > setkey(8), the ESP tunnel comes up and everything is fine.
> 
> 	Confirmed, IKE no longer works for my setup either, while manual
> keying does.
> 
> > I think the problem is that the IKE traffic, 500/udp, is not bypassing
> > the IPsec processing like it should.
> 
> 	That's what looked like was going on in my setup as well.

A few others have seen the same problems with KAME IPsec in 5.2RC. One
person mentioned that the FAST_IPSEC implementation does not share the
bug. I switched over and things work fine with the same racoon
executable and configuration. This does look like a bug in the FreeBSD
KAME IPsec.
-- 
Crist J. Clark                     |     cjclark_at_alum.mit.edu
                                   |     cjclark_at_jhu.edu
http://people.freebsd.org/~cjc/    |     cjc_at_freebsd.org
Received on Sun Dec 21 2003 - 19:18:10 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:37:35 UTC