I have a machine that I admin remotely running 4.6 with all the patches. It's a firewall-only machine with 6 ethernet interfaces, 4 of which are active, and has been running fine since I upgraded it. It's got a fairly complex pf.conf. Last week I set up a VPN on it to a Sonic Wall appliance. The VPN comes up and works fine, and then somewhere between 4 and 24 hours later the box loses all network connectivity. You can still log in via console, and I've been able to get the local people to run some basic commands (ifconfig, netstat, ps, pfctl -s) and everything seems normal (from what I can get from non-technical people over the phone), but none of the interfaces are passing packets. Rebooting solves the problem for the next 4-24 hrs. It's happened several times now. System logs show nothing.
I finally got console on this, and found a highly suspicious entry in the routing table:

fw:$ netstat -nr
<results elided>
Encap:
Source Port Destination Port Proto SA(Address/Proto/Type/Direction)
<expected encap routes elided>
0/0 0 0/0 0 0 gatewayIP/50/use/in
0/0 0 0/0 0 0 gatewayIP/50/require/out

Now, if that means what I think it means, it's obvious why I'm losing all my network connections to and from that box. I'm using a bare-bones ipsec.conf file that only specifies gateways, routes, and aes-sha1 (modp1024 pfs). Works fine (to both a Sonic Wall and a Cisco ASA) for a while, and then this shows up. Any ideas as to what could be causing this?

--
Jeff Simmons jsimm...@goblin.punk.net
Simmons Consulting - Network Engineering, Administration, Security
"You guys, I don't hear any noise. Are you sure you're doing it right?"
-- My Life With The Thrill Kill Kult
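An added check, not part of the thread, that parses the Encap section of `netstat -nr` in the layout quoted above and flags 0/0 -> 0/0 flows; the sample output, the documentation-range prefixes and the 203.0.113.1 gateway are constructed.

```python
"""Flag catch-all IPsec flows in the Encap section of OpenBSD 'netstat -nr'.
Added example, not from the original post. Assumes the column layout quoted
above: Source Port Destination Port Proto SA(Address/Proto/Type/Direction)."""
from dataclasses import dataclass
from typing import List

# Constructed sample (documentation addresses); the last two lines mirror
# the shape of the suspicious entries in the post.
SAMPLE_ENCAP = """\
Encap:
Source           Port Destination      Port Proto SA(Address/Proto/Type/Direction)
192.0.2.0/24     0    198.51.100.0/24  0    0     203.0.113.1/50/use/in
198.51.100.0/24  0    192.0.2.0/24     0    0     203.0.113.1/50/require/out
0/0              0    0/0              0    0     203.0.113.1/50/use/in
0/0              0    0/0              0    0     203.0.113.1/50/require/out
"""

CATCH_ALL = {"0/0", "0.0.0.0/0", "::/0"}  # ways an all-zero prefix may print

@dataclass
class Flow:
    src: str
    dst: str
    proto: str
    sa_addr: str
    sa_proto: str   # 50 = ESP, 51 = AH
    policy: str     # use / acquire / require / ...
    direction: str  # in / out

def parse_encap(text: str) -> List[Flow]:
    """Parse Encap data lines; header, blank and foreign lines are skipped."""
    flows: List[Flow] = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 6 or fields[0] in ("Encap:", "Source"):
            continue
        src, _sport, dst, _dport, proto, sa = fields
        sa_parts = sa.split("/")
        if len(sa_parts) != 4:
            continue
        flows.append(Flow(src, dst, proto, *sa_parts))
    return flows

def catch_all_flows(flows: List[Flow]) -> List[Flow]:
    """Flows whose source and destination both match everything."""
    return [f for f in flows if f.src in CATCH_ALL and f.dst in CATCH_ALL]

def blocking_flows(flows: List[Flow]) -> List[Flow]:
    """Catch-all flows with a 'require' policy: all traffic in that direction is
    forced into the peer's SA, matching the 'no interface passes packets' symptom."""
    return [f for f in catch_all_flows(flows) if f.policy == "require"]
```

Run it over the real Encap output (`netstat -nr | sed -n '/^Encap:/,$p'`) when the box stops forwarding; an empty result from `catch_all_flows` rules this entry out as the cause.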