IPSEC/FAST_IPSEC panic.

Matthew Dillon dillon at apollo.backplane.com
Sun Apr 23 14:59:21 PDT 2006


:I have been experiencing panics when testing IPSEC under HEAD. The 
:Kernel panics when sending or receiving Authentication Headers (AH) and 
:TCP connections encapsulated in ESP time out.
:
:I've made some progress resolving the panic but I can't get IPSEC or 
:FAST_IPSEC to work correctly. I've gone through the ipsec code looking 
:for any glaring errors. Any help would be appreciated.
:
:Regards
:
:Gary
:
:Communication between DragonFly Head and FreeBSD 4/6 using IPSEC.
:
:
:options IPSEC
:options	IPSEC_ESP
:
:IPSEC AH	ICMP, UDP and TCP are working between PCs.
:IPSEC ESP	ICMP and UDP work. TCP connections time out.
:IPSEC AH-ESP	ICMP and UDP work. TCP connections time out.

    I tested your config file between a FreeBSD-6.x and a DragonFly
    box and ICMP, UDP, and TCP seems to work.

    Could you explain the TCP timeout issue more?  Does TCP work initially
    and then fail at some point after the connection has been working for
    a whlie ?  I need to be able to duplicate the problem to track it down.

    It might also help to use tcpdump to observe the packet traffic at the
    point where the connection starts to fail and times out.

    tcpdump -s 4096 -vvv -i em0 -n -l port <port_you_are_testing_tcp_on>

						-Matt





More information about the Bugs mailing list