I have noticed an anomaly in the IPsec tunnels in
the latest build.

The situation:
I have several tunnels created on my pfS server. 
I recently upgraded to the latest SNAP (built on
Sun Jul 1 11:24:33 EDT 2007) and I started
noticing tunnel drops soon after.

The Results:
I started noticing that the tunnels were dropping
and that it took (basically) a full reboot to
re-establish the tunnels (7 of them).  The tunnels
are IPsec|ESP|MD5 tunnels (pretty standard
tunnels) built to the WAN interface and
designating the internal LAN subnet on either side
as their parent networks.  Everything has worked
flawlessly in the past with this configuration.

The Findings:
None to speak of, except I see a lot of the
following messages in the logs:

Jul 1 14:10:30 racoon: INFO: delete phase 2 handler.
Jul 1 14:10:30 racoon: ERROR: phase2 negotiation failed due to time up waiting for phase1. ESP x.x.x.x[0]->x.x.x.x[0]
Jul 1 14:09:59 racoon: INFO: begin Identity Protection mode.
Jul 1 14:09:59 racoon: INFO: initiate new phase 1 negotiation: x.x.x.x[500]<=>x.x.x.x[500]
Jul 1 14:09:59 racoon: INFO: IPsec-SA request for x.x.x.x queued due to no phase1 found.
Jul 1 14:09:23 racoon: INFO: 192.168.168.1[500] used as isakmp port (fd=23)
Jul 1 14:09:23 racoon: INFO: fe80::208:c7ff:fe59:26cd%fxp0[500] used as isakmp port (fd=22)
Jul 1 14:09:23 racoon: INFO: x.x.x.x[500] used as isakmp port (fd=21)
Jul 1 14:09:23 racoon: INFO: fe80::250:8bff:fe08:283d%fxp1[500] used as isakmp port (fd=20)
Jul 1 14:09:23 racoon: INFO: 192.168.100.1[500] used as isakmp port (fd=19)
Jul 1 14:09:23 racoon: INFO: fe80::208:c7ff:fea4:970c%tl0[500] used as isakmp port (fd=18)
Jul 1 14:09:23 racoon: INFO: fe80::209:5bff:fe92:465a%ath0[500] used as isakmp port (fd=17)
Jul 1 14:09:23 racoon: INFO: 10.10.10.1[500] used as isakmp port (fd=16)
Jul 1 14:09:23 racoon: INFO: 127.0.0.1[500] used as isakmp port (fd=15)
Jul 1 14:09:23 racoon: INFO: ::1[500] used as isakmp port (fd=14)
Jul 1 14:09:23 racoon: INFO: fe80::1%lo0[500] used as isakmp port (fd=13)
Jul 1 14:09:23 racoon: INFO: @(#)This product linked OpenSSL 0.9.7e-p1 25 Oct 2004 (http://www.openssl.org/)
Jul 1 14:09:23 racoon: INFO: @(#)ipsec-tools 0.6.7 (http://ipsec-tools.sourceforge.net)


--
David L. Strout
Engineering Systems Plus, LLC



