IPSEC/FAST_IPSEC panic.

Matthew Dillon dillon at apollo.backplane.com
Sun Apr 23 11:09:35 PDT 2006


:I have been experiencing panics when testing IPSEC under HEAD. The 
:Kernel panics when sending or receiving Authentication Headers (AH) and 
:TCP connections encapsulated in ESP time out.
:
:I've made some progress resolving the panic but I can't get IPSEC or 
:FAST_IPSEC to work correctly. I've gone through the ipsec code looking 
:for any glaring errors. Any help would be appreciated.
:
:Regards
:
:Gary
:
:Communication between DragonFly Head and FreeBSD 4/6 using IPSEC.

    I'll commit your patch, that header length check was clearly broken.

    I'll try to get a test rig set up for FreeBSD<->DragonFly communication.
    DragonFly<->DragonFly communication seems to work for both UDP and TCP
    using your IPSEC configuration.  I'm not an IPSEC expert, though, so
    I'm hoping Jeffrey will step in here and figure it out.

    FAST_IPSEC is likely completely broken, I would not use it at all.

						-Matt

:options IPSEC
:options	IPSEC_ESP
:
:IPSEC AH	ICMP, UDP and TCP are working between PCs.
:IPSEC ESP	ICMP and UDP work. TCP connections time out.
:IPSEC AH-ESP	ICMP and UDP work. TCP connections time out.
:
:
:options FAST_IPSEC
:
:IPSEC AH	Kernel panic.
:IPSEC ESP	ICMP, UDP and TCP are working between PCs.
:IPSEC AH-ESP	Kernel panic.






More information about the Bugs mailing list