Do you utilize PF as your firewalling platform? I'm slightly
suspicious that could be the cause. In fact, it's a bit silly I haven't
disabled it entirely to see if that resolves my issues. I'll probably
run tests doing that tomorrow and will report back. PF did undergo a lot
of changes as I understand it between 9 and 10.
On 4/14/2014 9:14 PM, Eugene M. Zheganin wrote:
Hi.
On 10.04.2014 02:15, Matt Lager wrote:
I have used IPSEC tunnels w/ racoon to establish point to point VPN
connections for a long time, with great success. I recently decided to
upgrade one of my endpoints to 10.0-RELEASE from 9.2-RELEASE-p3. I
didn't do an upgrade but did a fresh installation of 10.0-RELEASE, but
applied the identical VPN configuration that was working in
9.2-RELEASE-p3. The tunnels came up fine, and setkey -D shows that
keys had been generated, connectivity appeared to be working at first
glance. I then started to work as normal through my VPN with things
like RDP, SQL Server, and other protocols, where I found that
connectivity started then came to a dead halt (not ICMP, which always
works fine). I did another fresh install of 9.2-RELEASE-p3, applied
the config, and everything worked as expected.
I've read a lot about MTUs and fragmented traffic, but I'm trying to
figure out where I should be looking to fix things up. Something
obviously changed. I do use PF, and I know PF underwent some big
changes, so maybe it's a PF problem, but I thought I'd post here
first. I'm using the same PF config on the 10.0 system as I did on the
9.2, of course making sure interfaces were all named properly and
whatnot.
Any advice would be appreciated. Thanks!
I'm using FreeBSD on a variety of VPN/ipsec links. Nothing really
changed in 10.x. In fact, I've skipped the 9.x branch entirely, because
it has been the worst release over many years. You should really investigate
the problem, since it looks like it has nothing to do with the
versioning. As a wild guess I can assume you have FLOWTABLE in your
kernel; if I'm right you should get rid of it.
Eugene.
_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
--
Solid Data Services <http://www.soliddataservices.com>
Matt Lager / President