I have a machine that I admin remotely running 4.6 with all the patches. It's 
a firewall only machine with 6 ethernet interfaces, 4 of which are active, 
and has been running fine since I upgraded it. It's got a fairly complex 
pf.conf. Last week I set up a VPN on it to a Sonic Wall appliance. The VPN 
comes up and works fine, and then somewhere between 4 and 24 hours later the 
box loses all network connectivity. You can still log in via console, and I've 
been able to get the local people to run some basic commands (ifconfig, 
netstat, ps, pfctl -s) and everything seems normal (from what I can get from 
non-technical people over the phone), but none of the interfaces are passing 
packets. Rebooting solves the problem for the next 4-24 hrs. It's happened 
several times now. System logs show nothing.

I finally got console on this, and found a highly suspicious entry in the 
routing table:

fw:$ netstat -nr

<results elided>
Encap:
Source Port Destination  Port  Proto SA(Address/Proto/Type/Direction)
<expected encap routes elided>
0/0                0     0/0                0     0   gatewayIP/50/use/in
0/0                0     0/0                0     0   gatewayIP/50/require/out

Now, if that means what I think it means, it's obvious why I'm losing all my 
network connections to and from that box. I'm using a bare-bones ipsec.conf 
file that only specifies gateways, routes, and aes-sha1 (modp1024 pfs). Works 
fine (to both a Sonic Wall and a Cisco ASA) for a while, and then this shows 
up. Any ideas as to what could be causing this?

-- 
Jeff Simmons                                   jsimm...@goblin.punk.net
Simmons Consulting - Network Engineering, Administration, Security
"You guys, I don't hear any noise.  Are you sure you're doing it right?"
        --  My Life With The Thrill Kill Kult
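An added check, not part of Jeff's post: a shell function that scans the Encap section of `netstat -nr` (read from stdin) for catch-all flows like the two 0/0 entries above, and a second one that flags a `require` flow, since that forces every packet in that direction through an SA to the gateway. The sample output and the 203.0.113.1 gateway address are constructed placeholders.

```shell
# Constructed sample of the Encap section, modelled on the post (addresses are placeholders).
SAMPLE_NETSTAT='Encap:
Source Port Destination  Port  Proto SA(Address/Proto/Type/Direction)
10.0.1.0/24 0 192.0.2.0/24 0 0 203.0.113.1/50/require/out
192.0.2.0/24 0 10.0.1.0/24 0 0 203.0.113.1/50/use/in
0/0 0 0/0 0 0 203.0.113.1/50/use/in
0/0 0 0/0 0 0 203.0.113.1/50/require/out'

# Print every catch-all flow (source and destination both 0/0) found in the
# Encap section of `netstat -nr` output on stdin, as "direction type gateway".
catchall_flows() {
    awk '
        /^Encap:/ { in_encap = 1; next }
        !in_encap || /^Source/ || NF < 6 { next }
        $1 == "0/0" && $3 == "0/0" {
            split($6, sa, "/")          # address / proto / type / direction
            print sa[4], sa[3], sa[1]
        }
    '
}

# Succeed (exit 0) if a catch-all "require" flow exists: with such a flow,
# any packet in that direction that does not match the SA is dropped,
# which is what takes every interface off the network.
has_blackhole_flow() {
    catchall_flows | grep -q ' require '
}

# Stand-alone usage on the constructed sample.
printf '%s\n' "$SAMPLE_NETSTAT" | catchall_flows
if printf '%s\n' "$SAMPLE_NETSTAT" | has_blackhole_flow; then
    echo "catch-all require flow present: all traffic forced into IPsec"
fi
```

On the live box, `netstat -nr | catchall_flows` shows the offending entries without reading the whole table over the phone.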
