When running the following command on openbsd 7.5 -stable
#ipsecctl -s all -vv
under the subheading for one of the tunnels we receives the following entry
counter:
....
608 packets dropped on input
...
are are curious to know what could possibly be the source/cause of these
packets being dropped.
The circumstances driving this inquiry is that our team has an IKEv2 vpn
connection where the tunnel between is two sites is successfully
established (from all of our ipsecctl -s all feedback) but traffic flow
across enc0 interface occurs very intermittently and some times not at
all. The remote end of the tunnel is operating a Cisco ASA 5550 appliance.
We have perused our pf.conf file in an attempt to see if a particular
rule set may be prohibiting the network traffic flow but at the present
time the current pf rule exists
- pass on enc0
Again, at times traffic will flow across enc0 flawlessly but in those
circumstances after the ikelifetime(IKE SA expiration) expires the ipsec
link will reestablish itself but traffic will cease to flow across enc0.
Any suggestions on approaches to further troubleshoot this issue are
appreciated.
Thank you much.
-------
Boyd Stephens
I85Cyber.org
