Btw, I forgot to mention... of course the PEER is running OpenBSD -current too (two-day-old amd64).

Meanwhile I switched to isakmpd (for testing, and to make sure iked isn't the (only) problem), but it also doesn't work.

On Mon, Jun 29, 2015 at 03:45:48PM +0200, Mark Patruck wrote:
> Hi,
>
> I've been sitting here for hours with a weird DNS lookup issue.
>
> I have two remote machines (3-day-old amd64 -current)
> which are connected via IPsec to PEER. Except that iked
> throws the following message every few minutes
>
> "iked[123]: pfkey_sa_last_used"
>
> everything works fine.
>
> PEER enc0 -> REMOTE0 enc0
> PEER enc1 -> REMOTE1 enc0
>
>
> On machine REMOTE0
>
> $ cat /etc/resolv.conf
> lookup file bind
> nameserver 192.168.15.105
>
> - 1) ping to 192.168.15.105 -> OK
> - 2) dig openbsd.org -> OK (correct answer from 192.168.15.105)
> - 3) ping openbsd.org -> FAIL
> - 4) ping 129.128.5.194 -> OK
>
> For 3), there's no request to the resolver (unbound) seen on
> PEER's enc0 interface, nor any blocks.
>
> The big issue, of course, is that no daemon on REMOTE0 is able to do
> a correct lookup.
>
> UPDATE:
> Every now and then a "ping openbsd.org" is working... once started
> it runs and runs... but after Ctrl+C, I tried to "ping openbsd.org"
> 20 times in a row... it doesn't work and nothing is seen on PEER's enc0.
>
> Thanks in advance for any ideas.
>
>
> --
> Mark Patruck ( mark at wrapped.cx )
> GPG key 0xF2865E51 / 187F F6D3 EE04 1DCE 1C74 F644 0D3C F66F F286 5E51
>
> http://www.wrapped.cx

--
Mark Patruck ( mark at wrapped.cx )
GPG key 0xF2865E51 / 187F F6D3 EE04 1DCE 1C74 F644 0D3C F66F F286 5E51

http://www.wrapped.cx