IPsec strange and annoying problem
I have IPsec between a few OpenBSD machines (releases: 4.6, 4.8 & 4.9). IPsec has been working fine for a long time, but now and then (once or twice per day), IPsec traffic just stops. This kind of problem usually lasts 17-18 minutes. The SAs are still there (or, at least, ipsecctl shows that), but traffic can't pass from netA to netB.
I use isakmpd, /etc/ipsec.conf and x509 certificates. There is no nat, no rdr.
Until a few months ago, everything worked fine on OBSD 4.5 & 4.6 (so, I think, there is no problem in ipsec.conf or x509).
Yes, I know about SHA, so between the same BSD releases I use:
ike esp from $netA to $netB \
local $ipHOSTA peer $ipHOSTB \
main auth hmac-sha2-512 enc aes-256 group modp1024 \
quick auth hmac-sha2-512 enc aes-256 group modp1024
but between pre-4.7 and after-4.7 I use sha1.