Re: IPSEC stop works after r285336

From: George Neville-Neil <gnn_at_neville-neil.com> Date: Sun, 26 Jul 2015 14:39:51 -0400 · This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:40:58 UTC

On 25 Jul 2015, at 1:51, Alexandr Krivulya wrote:

> 25.07.2015 00:38, John-Mark Gurney пишет:
>> Alexandr Krivulya wrote this message on Thu, Jul 23, 2015 at 10:38 
>> +0300:
>>> I have IPSEC tunnel inside l2tp tunnel via mpd. After r285536 I see 
>>> only
>>> outgoing esp packets on ng interface:
>> This change is -stable, not -current, but the change referenced below
>> is -current... Which one are you running?
>>
>> Also, the only ipsec related change after r285535 is r285770, though
>> that probably won't effect it...  Could you possibly narrow the 
>> change
>> that broke things?
>>
>>> root_at_thinkpad:/usr/src # tcpdump -i ng0
>>> tcpdump: verbose output suppressed, use -v or -vv for full protocol 
>>> decode
>>> listening on ng0, link-type NULL (BSD loopback), capture size 262144 
>>> bytes
>>> 10:35:27.331886 IP 10.10.10.2 > 10.10.10.1:
>>> ESP(spi=0x03081e58,seq=0x9a5), length 140
>>> 10:35:28.371707 IP 10.10.10.2 > 10.10.10.1:
>>> ESP(spi=0x03081e58,seq=0x9a6), length 140
>>> 10:35:29.443536 IP 10.10.10.2 > 10.10.10.1:
>>> ESP(spi=0x03081e58,seq=0x9a7), length 140
>>> 10:35:30.457370 IP 10.10.10.2 > 10.10.10.1:
>>> ESP(spi=0x03081e58,seq=0x9a8), length 140
>>> 10:35:31.475606 IP 10.10.10.2 > 10.10.10.1:
>>> ESP(spi=0x03081e58,seq=0x9a9), length 140
>>> 10:35:31.622315 IP 10.10.10.1.isakmp > 10.10.10.2.isakmp: isakmp: 
>>> phase
>>> 2/others ? inf[E]
>>> 10:35:31.622544 IP 10.10.10.2.isakmp > 10.10.10.1.isakmp: isakmp: 
>>> phase
>>> 2/others ? inf[E]
>>> 10:35:31.622658 IP 10.10.10.2.isakmp > 10.10.10.1.isakmp: isakmp: 
>>> phase
>>> 2/others ? inf[E]
>>> 10:35:31.623933 IP 10.10.10.1.isakmp > 10.10.10.2.isakmp: isakmp: 
>>> phase
>>> 2/others ? inf[E]
>>> 10:35:32.492349 IP 10.10.10.2 > 10.10.10.1:
>>> ESP(spi=0x03081e58,seq=0x9aa), length 140
>>> 10:35:33.509346 IP 10.10.10.2 > 10.10.10.1:
>>> ESP(spi=0x03081e58,seq=0x9ab), length 140
>>> 10:35:34.527187 IP 10.10.10.2 > 10.10.10.1:
>>> ESP(spi=0x03081e58,seq=0x9ac), length 140
>>> 10:35:35.539600 IP 10.10.10.2 > 10.10.10.1:
>>> ESP(spi=0x03081e58,seq=0x9ad), length 140
>>>
>>> With r285535 all works fine.
>
>
> Right commit is in subject - r285336.

There were two IPsec related commits after 285336.

Either 285347 or 285526 could be the fix.  If you're OK after those
two commits then the system is in correct working order.

Best,
George