Hi all,

this IPsec tunnel configuration has 2 endpoints of CARPed pairs of obsd 4.8 boxes, each with pfsync and sasyncd.

After upgrading to 4.8 (stable), the VPN starts blocking in one direction after 2 days of uptime of the gateway pair.

When this happens, netstat -rn shows flows as usual and ipsecctl -s sa -v shows no difference of SA, but lifetimes and additional old SAs during renegotiation.

Usually it helps to reboot the CARP slave on the gateway side to fix it for 1-2 days.

Lifetimes are set to defaults in isakmpd.conf.

sasyncd.conf has nothing special:

--------
listen on fxp1 inet port 500
interface carp0
flushmode startup
sharedkey 0xdeadbeefdeadbeefdeadbeefdeadbeef
peer 172.16.127.2
# PR6357: sasyncd(8) treats whitespace after comments as EOF in sasyncd.conf
# sasyncd.conf at gw1
--------

Any help welcome,
Axel
---
axel....@chaos1.de  PGP-Key:29E99DD6  +49 151 2300 9283  computing @ chaos claudius