On Wed, Dec 03, 2014 at 03:24:06PM +0000, Zé Loff wrote: > On Wed, Dec 03, 2014 at 04:09:02PM +0100, Sebastian Reitenbach wrote: > > I run this kernel from beginning of November: > > > > OpenBSD 5.6-current (GENERIC) #492: Fri Nov 7 10:21:36 MST 2014 > > dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC > > cpu0: Geode(TM) Integrated Processor by National Semi ("Geode by NSC" > > 586-class) 267 MHz > > cpu0: FPU,TSC,MSR,CX8,CMOV,MMX > > > > on my soekris box. Isakmpd is just started with: "-4 -K" > > my ipsec.conf looks similar to this one (only IP addresses changed): > > > > localip="1.1.1.1" > > peerip="2.2.2.2" > > ike esp from 3.3.3.0/24 to 4.4.0.0/16 \ > > local $localip peer $peerip \ > > main auth hmac-sha1 enc aes-128 group modp1024 \ > > quick auth hmac-sha1 enc aes-128 group modp1024 \ > > psk "top secret" > > > > > > and it "just works". > > > > does a higher debug level i.e. -D A=90 show something, or logging the > > packets isakmpd sees with -L give more hints? > > No packets are transferred, AFAICT. > > Running isakmpd -Kdv -D A=90 yields a single line after ipsecctl is run: > > uiconfig: "C set [General]:Check-interval=30 force" > > isakmpd then quits with exit code 0.
Actually, A=99 yields an extra line: Misc 95 conf_set_now: [General]:Check-interval->30 > > > > > cheers, > > Sebastian > > > > On Wednesday, December 3, 2014 15:53 CET, Zé Loff <zel...@zeloff.org> > > wrote: > > > > > On Wed, Dec 03, 2014 at 02:00:59PM +0000, Kaya Saman wrote: > > > > Hi, > > > > > > > > for some reason, this seems to have been for a while now; isakmpd will > > > > simply quit running after initiating: ipsecctl -f /etc/ipsec.conf > > > > > > > > Starting isakmpd manually with flags -Kdv doesn't give any indication > > > > as > > > > to what might be causing the service to crash or segfault and nothing > > > > is > > > > reported in the logs - I checked both daemon and messages. > > > > > > > > ipsec.conf consists of standard config: > > > > > > > > ike passive esp transport \ > > > > proto udp from 212.159.80.17 to any port 1701 \ > > > > main auth "hmac-sha" enc "aes" group modp1024 \ > > > > quick auth "hmac-sha" enc "aes" \ > > > > psk "Sclr11XP99" > > > > > > > > ike passive esp transport \ > > > > proto udp from <IP> to any port 1701 \ > > > > main auth "hmac-sha" enc "aes" group modp1024 \ > > > > quick auth "hmac-sha" enc "aes" \ > > > > psk "<Some_crazy_pass>" > > > > > > > > Basically the setup used to work fine a few upgrades ago while I was on > > > > 5.5 but then something seems to have changed and it stopped. > > > > > > > > Along with the above I'm running npppd for ipsec/l2tp so I can run the > > > > native Android VPN client. I do run OpenVPN in addition but their seems > > > > to be some issue with routing on some apps so to get round that the > > > > choice is either: add default route manually when using OpenVPN / or > > > > use > > > > native client. > > > > > > > > > > > > I managed to find this thread from the list: > > > > > > > > http://comments.gmane.org/gmane.os.openbsd.misc/209636 > > > > > > > > and managed to pretty much validate my config in comparison but for > > > > some > > > > reason I cannot work this one out. > > > > > > > > System is up to date as per last night and build is: > > > > > > > > 5.6 GENERIC.MP#633 amd64 > > > > > > > > 5.6 GENERIC.MP#633 amd64 > > > > > > > > > > > > Would anyone be able to suggest anything? > > > > > > > > > > > > Thanks. > > > > > > > > > > > > Kaya > > > > > > > > > > > > > I am seeing the same behaviour (apparently a clean exit, no message > > > whatsoever nor core file) on -current, with an ipsec.conf as simple as > > > this: > > > > > > ike dynamic esp from 10.17.19.3 (egress) to 10.17.16.0/22 \ > > > peer vpn.foo.bar \ > > > srcid peer1.foo.bar dstid vpn.foo.bar > > > > > > > > > I have upgraded -current several times since I last used IPSec, so I > > > can't tell for sure when it started... > > > > > > > > > > > > OpenBSD 5.6-current (GENERIC.MP) #634: Mon Dec 1 10:11:11 MST 2014 > > > dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP > > > real mem = 8357658624 (7970MB) > > > avail mem = 8131330048 (7754MB) > > > mpath0 at root > > > scsibus0 at mpath0: 256 targets > > > mainbus0 at root > > > bios0 at mainbus0: SMBIOS rev. 2.6 @ 0xe0010 (78 entries) > > > bios0: vendor LENOVO version "6QET70WW (1.40 )" date 10/11/2012 > > > bios0: LENOVO 3680WE9 > > > acpi0 at bios0: rev 2 > > > acpi0: sleep states S0 S3 S4 S5 > > > acpi0: tables DSDT FACP SSDT ECDT APIC MCFG HPET ASF! BOOT SSDT TCPA DMAR > > > SSDT SSDT SSDT > > > acpi0: wakeup devices LID_(S3) SLPB(S3) IGBE(S4) EXP1(S4) EXP2(S4) > > > EXP3(S4) EXP4(S4) EXP5(S4) EHC1(S3) EHC2(S3) HDEF(S4) > > > acpitimer0 at acpi0: 3579545 Hz, 24 bits > > > acpiec0 at acpi0 > > > acpimadt0 at acpi0 addr 0xfee00000: PC-AT compat > > > cpu0 at mainbus0: apid 0 (boot processor) > > > cpu0: Intel(R) Core(TM) i5 CPU M 520 @ 2.40GHz, 2660.43 MHz > > > cpu0: > > > FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,POPCNT,AES,NXE,LONG,LAHF,PERF,ITSC > > > cpu0: 256KB 64b/line 8-way L2 cache > > > cpu0: smt 0, core 0, package 0 > > > mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges > > > cpu0: apic clock running at 133MHz > > > cpu1 at mainbus0: apid 1 (application processor) > > > cpu1: Intel(R) Core(TM) i5 CPU M 520 @ 2.40GHz, 2660.01 MHz > > > cpu1: > > > FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,POPCNT,AES,NXE,LONG,LAHF,PERF,ITSC > > > cpu1: 256KB 64b/line 8-way L2 cache > > > cpu1: smt 1, core 0, package 0 > > > cpu2 at mainbus0: apid 4 (application processor) > > > cpu2: Intel(R) Core(TM) i5 CPU M 520 @ 2.40GHz, 2660.01 MHz > > > cpu2: > > > FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,POPCNT,AES,NXE,LONG,LAHF,PERF,ITSC > > > cpu2: 256KB 64b/line 8-way L2 cache > > > cpu2: smt 0, core 2, package 0 > > > cpu3 at mainbus0: apid 5 (application processor) > > > cpu3: Intel(R) Core(TM) i5 CPU M 520 @ 2.40GHz, 2660.01 MHz > > > cpu3: > > > FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,POPCNT,AES,NXE,LONG,LAHF,PERF,ITSC > > > cpu3: 256KB 64b/line 8-way L2 cache > > > cpu3: smt 1, core 2, package 0 > > > ioapic0 at mainbus0: apid 1 pa 0xfec00000, version 20, 24 pins > > > ioapic0: misconfigured as apic 2, remapped to apid 1 > > > acpimcfg0 at acpi0 addr 0xe0000000, bus 0-255 > > > acpihpet0 at acpi0: 14318179 Hz > > > acpiprt0 at acpi0: bus 0 (PCI0) > > > acpiprt1 at acpi0: bus -1 (PEG_) > > > acpiprt2 at acpi0: bus 13 (EXP1) > > > acpiprt3 at acpi0: bus -1 (EXP2) > > > acpiprt4 at acpi0: bus -1 (EXP3) > > > acpiprt5 at acpi0: bus -1 (EXP4) > > > acpiprt6 at acpi0: bus 2 (EXP5) > > > acpicpu0 at acpi0: C3, C1, PSS > > > acpicpu1 at acpi0: C3, C1, PSS > > > acpicpu2 at acpi0: C3, C1, PSS > > > acpicpu3 at acpi0: C3, C1, PSS > > > acpipwrres0 at acpi0: PUBS, resource for EHC1, EHC2 > > > acpitz0 at acpi0: critical temperature is 100 degC > > > acpibtn0 at acpi0: LID_ > > > acpibtn1 at acpi0: SLPB > > > acpibat0 at acpi0: BAT0 model "42T4694" serial 545 type LION oem "SANYO" > > > acpibat1 at acpi0: BAT1 not present > > > acpiac0 at acpi0: AC unit online > > > acpithinkpad0 at acpi0 > > > acpidock0 at acpi0: GDCK docked (15) > > > cpu0: Enhanced SpeedStep 2660 MHz: speeds: 2400, 2399, 2266, 2133, 1999, > > > 1866, 1733, 1599, 1466, 1333, 1199 MHz > > > pci0 at mainbus0 bus 0 > > > pchb0 at pci0 dev 0 function 0 "Intel Core Host" rev 0x02 > > > vga1 at pci0 dev 2 function 0 "Intel HD Graphics" rev 0x02 > > > intagp0 at vga1 > > > agp0 at intagp0: aperture at 0xd0000000, size 0x10000000 > > > inteldrm0 at vga1 > > > drm0 at inteldrm0 > > > inteldrm0: 1280x800 > > > wsdisplay0 at vga1 mux 1: console (std, vt100 emulation) > > > wsdisplay0: screen 1-5 added (std, vt100 emulation) > > > "Intel 3400 MEI" rev 0x06 at pci0 dev 22 function 0 not configured > > > em0 at pci0 dev 25 function 0 "Intel 82577LM" rev 0x06: msi, address > > > xx:xx:xx:xx:xx:xx > > > ehci0 at pci0 dev 26 function 0 "Intel 3400 USB" rev 0x06: apic 1 int 23 > > > usb0 at ehci0: USB revision 2.0 > > > uhub0 at usb0 "Intel EHCI root hub" rev 2.00/1.00 addr 1 > > > azalia0 at pci0 dev 27 function 0 "Intel 3400 HD Audio" rev 0x06: msi > > > azalia0: codecs: Conexant/0x5069, Intel/0x2804, using Conexant/0x5069 > > > audio0 at azalia0 > > > ppb0 at pci0 dev 28 function 0 "Intel 3400 PCIE" rev 0x06: msi > > > pci1 at ppb0 bus 13 > > > ppb1 at pci0 dev 28 function 4 "Intel 3400 PCIE" rev 0x06: msi > > > pci2 at ppb1 bus 2 > > > iwn0 at pci2 dev 0 function 0 "Intel Centrino Advanced-N 6200" rev 0x35: > > > msi, MIMO 2T2R, MoW, address xx:xx:xx:xx:xx:xx > > > ehci1 at pci0 dev 29 function 0 "Intel 3400 USB" rev 0x06: apic 1 int 19 > > > usb1 at ehci1: USB revision 2.0 > > > uhub1 at usb1 "Intel EHCI root hub" rev 2.00/1.00 addr 1 > > > ppb2 at pci0 dev 30 function 0 "Intel 82801BAM Hub-to-PCI" rev 0xa6 > > > pci3 at ppb2 bus 14 > > > pcib0 at pci0 dev 31 function 0 "Intel QM57 LPC" rev 0x06 > > > ahci0 at pci0 dev 31 function 2 "Intel 3400 AHCI" rev 0x06: msi, AHCI 1.3 > > > scsibus1 at ahci0: 32 targets > > > sd0 at scsibus1 targ 0 lun 0: <ATA, HITACHI HTS72503, PC3Z> SCSI3 > > > 0/direct fixed naa.5000cca645c68684 > > > sd0: 305245MB, 512 bytes/sector, 625142448 sectors > > > cd0 at scsibus1 targ 1 lun 0: <HL-DT-ST, DVDRAM GU10N, MX05> ATAPI > > > 5/cdrom removable > > > ichiic0 at pci0 dev 31 function 3 "Intel 3400 SMBus" rev 0x06: apic 1 int > > > 23 > > > iic0 at ichiic0 > > > spdmem0 at iic0 addr 0x50: 4GB DDR3 SDRAM PC3-10600 SO-DIMM > > > spdmem1 at iic0 addr 0x51: 4GB DDR3 SDRAM PC3-10600 SO-DIMM > > > itherm0 at pci0 dev 31 function 6 "Intel 3400 Thermal" rev 0x06 > > > isa0 at pcib0 > > > isadma0 at isa0 > > > pckbc0 at isa0 port 0x60/5 > > > pckbd0 at pckbc0 (kbd slot) > > > pckbc0: using irq 1 for kbd slot > > > wskbd0 at pckbd0: console keyboard, using wsdisplay0 > > > pms0 at pckbc0 (aux slot) > > > pckbc0: using irq 12 for aux slot > > > wsmouse0 at pms0 mux 0 > > > wsmouse1 at pms0 mux 0 > > > pms0: Synaptics touchpad, firmware 7.4 > > > pcppi0 at isa0 port 0x61 > > > spkr0 at pcppi0 > > > aps0 at isa0 port 0x1600/31 > > > pci4 at mainbus0 bus 255 > > > pchb1 at pci4 dev 0 function 0 "Intel QuickPath" rev 0x02 > > > pchb2 at pci4 dev 0 function 1 "Intel QuickPath" rev 0x02 > > > pchb3 at pci4 dev 2 function 0 "Intel QPI Link" rev 0x02 > > > pchb4 at pci4 dev 2 function 1 "Intel QPI Physical" rev 0x02 > > > pchb5 at pci4 dev 2 function 2 "Intel Reserved" rev 0x02 > > > pchb6 at pci4 dev 2 function 3 "Intel Reserved" rev 0x02 > > > uhub2 at uhub0 port 1 "Intel Rate Matching Hub" rev 2.00/0.00 addr 2 > > > uhub3 at uhub2 port 5 "Lenovo product 0x1005" rev 2.00/0.01 addr 3 > > > uhub4 at uhub3 port 2 "NEC hub" rev 2.00/1.00 addr 4 > > > uhub5 at uhub4 port 4 "NEC hub" rev 2.00/1.00 addr 5 > > > uhub6 at uhub1 port 1 "Intel Rate Matching Hub" rev 2.00/0.00 addr 2 > > > vscsi0 at root > > > scsibus2 at vscsi0: 256 targets > > > softraid0 at root > > > scsibus3 at softraid0: 256 targets > > > sd1 at scsibus3 targ 1 lun 0: <OPENBSD, SR CRYPTO, 005> SCSI2 0/direct > > > fixed > > > sd1: 305242MB, 512 bytes/sector, 625135808 sectors > > > root on sd1a (40b8b4a2a7e90f03.a) swap on sd1b dump on sd1b > > > > > > -- > > > > -- > --