Subject: Re: IPSec tunnel broke with ~latest 1.6Z
To: None <current-users@netbsd.org>
From: Arto Selonen <arto@selonen.org>
List: current-users
Date: 09/09/2003 20:46:57
Hi!
On Tue, 9 Sep 2003, Greg Troxel wrote:
> Look at the statistics counters with 'netbsd -s -p ipsec'. If you see
> inbound packets with no SA available, you are probably having the same
> problem I am.
# netstat -s -p ipsec | grep SA
102 inbound packets with no SA available
0 outbound packets with no SA available
The above comes from the broken(?) 1.6Z, whereas the 1.6T shows zeros.
The number seems to increment even without actively testing the
non-working direction. The number is quite low (it was above 3000), since
I just found out that 'setkey -DP' panics. Did work at the 1.6T
Anyway, thanks for confirming my doubts. I guess I'll start waiting for
a fix. :)
Artsi
#######======------ http://www.selonen.org/arto/ --------========########
Everstinkuja 5 B 35 Don't mind doing it.
FIN-02600 Espoo arto@selonen.org Don't mind not doing it.
Finland tel +358 50 560 4826 Don't know anything about it.