Re: Network severely unstable 10.0-PRERELEASE
On Thu, Dec 26, 2013 at 08:32:53AM +1300, Berend de Boer wrote: B Gleb Does the system panic the same way as described in B Gleb misc/182141) on 10.0? B B Indeed, no change. Purely a kernel issue. Repeatable since FreeBSD B 9.x, across 10.x, across 32-bit and 64-bit. B B There's a related issue: B B http://www.freebsd.org/cgi/query-pr.cgi?pr=kern/182557 B B Let me know if you need anything else from me. B B I've just grabbed the latest FreeBSD 10 sources, and recompiling now. B B Next Monday I'm able to enable the bug triggering keyword again (not B now, all the family is here and wants a stable network :-) ). What is the bug triggering keyword? Can you please provide a minimal configuration that reproduced the bug? -- Totus tuus, Glebius. ___ freebsd-pf@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-pf To unsubscribe, send any mail to freebsd-pf-unsubscr...@freebsd.org
Re: Network severely unstable 10.0-PRERELEASE
On Thu, Dec 26, 2013 at 02:17:38PM +0400, Gleb Smirnoff wrote: T On Thu, Dec 26, 2013 at 08:32:53AM +1300, Berend de Boer wrote: T B Gleb Does the system panic the same way as described in T B Gleb misc/182141) on 10.0? T B T B Indeed, no change. Purely a kernel issue. Repeatable since FreeBSD T B 9.x, across 10.x, across 32-bit and 64-bit. T B T B There's a related issue: T B T B http://www.freebsd.org/cgi/query-pr.cgi?pr=kern/182557 T B T B Let me know if you need anything else from me. T B T B I've just grabbed the latest FreeBSD 10 sources, and recompiling now. T B T B Next Monday I'm able to enable the bug triggering keyword again (not T B now, all the family is here and wants a stable network :-) ). T T What is the bug triggering keyword? Can you please provide a minimal T configuration that reproduced the bug? Already see it in the kern/182557. Thanks! -- Totus tuus, Glebius. ___ freebsd-pf@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-pf To unsubscribe, send any mail to freebsd-pf-unsubscr...@freebsd.org
Re: Network severely unstable 10.0-PRERELEASE
Gleb == Gleb Smirnoff gleb...@freebsd.org writes: Gleb Can you share a vmcore from paniced FreeBSD 10 system and Gleb kernel binary? Yes, what kernel options do I need to compile in to get you this? -- All the best, Berend de Boer pgpSf32MU4UVc.pgp Description: OpenPGP Digital Signature
Re: Network severely unstable 10.0-PRERELEASE
On Fri, Dec 27, 2013 at 01:55:31PM +1300, Berend de Boer wrote: B Gleb == Gleb Smirnoff gleb...@freebsd.org writes: B B Gleb Can you share a vmcore from paniced FreeBSD 10 system and B Gleb kernel binary? B B Yes, what kernel options do I need to compile in to get you this? http://www.freebsd.org/doc/en/books/developers-handbook/kerneldebug.html#kerneldebug-obtain -- Totus tuus, Glebius. ___ freebsd-pf@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-pf To unsubscribe, send any mail to freebsd-pf-unsubscr...@freebsd.org
Re: nat before ipsec ...
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 target - world -- em0 - freebsd - vlanA -- LAN ^^ net A || +- netC -.-.-.-.- IPSec -.-.-.-.- net B -+ ... where: A1 is some address from net A B2 is some address from net B C3 is some address from net C I can see incoming packets from A1 to C3 on interface vlanA, but after that, packets disappears, I can not find them any other interface and no return packets finally I was able to get the packets redirected (actually after pf restart, not just reload) and now I have A1 packet going to C3 on vlanA # tcpdump -ni tun10 host C3 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on tun10, link-type NULL (BSD loopback), capture size 65535 bytes 07:10:57.641536 IP A1 C3: ICMP echo request, id 59179, seq 8913, length 64 07:10:58.641467 IP A1 C3: ICMP echo request, id 59179, seq 8914, length 64 07:10:59.641882 IP A1 C3: ICMP echo request, id 59179, seq 8915, length 64 and further I can see them on the interface, IPSec configured on: # tcpdump -ni em1 host C3 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on em1, link-type EN10MB (Ethernet), capture size 65535 bytes 07:12:28.638456 IP A1 C3: ICMP echo request, id 59179, seq 9004, length 64 07:12:29.636961 IP A1 C3: ICMP echo request, id 59179, seq 9005, length 64 07:12:30.637647 IP A1 C3: ICMP echo request, id 59179, seq 9006, length 64 but these packets *does not passing through the nat* ... in pf.conf I do: rdr pass on $if_vpn from A1 to C - $target-side-of-ipsec binat on $if_vpn from A1 to C3 - B2 and net.inet.ipsec.filtertunnel is set to 1 is bellow URL the answer? http://forum.pfsense.org/index.php/topic,49800.msg265106.html#msg265106 - -- Zeus V. Panchenko jid:z...@im.ibs.dn.ua IT Dpt., I.B.S. LLC GMT+2 (EET) -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.19 (FreeBSD) iEYEARECAAYFAlK9KpgACgkQr3jpPg/3oyrcbgCfe7+k8VGcoqpQkbjg5uTmGn/A xTUAoLLjMCD0GEcRWcAD61mXWMNZ+4ZQ =2rY3 -END PGP SIGNATURE- ___ freebsd-pf@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-pf To unsubscribe, send any mail to freebsd-pf-unsubscr...@freebsd.org