As mentioned in my previous mail I have recompiled the kernel for the 6.3
stable branch including your patch and copied that kernel to a test firewall.
Good news I did not manage to make that test firewall crash with the patched
kernel so your patch seems to work just fine, that's fantastic!
Thank you very much for the very fast response and patch.
As this firewall is a productive OpenBSD 6.3 stable firewall which does not
have any comp* file set I have patched the kernel on another OpenBSD 6.3 test
system as following:
$ cd /usr
$ cvs -qd anon...@anoncvs.ca.openbsd.org:/cvs
On Thu, Apr 19, 2018 at 04:47:36PM -0400, mabi wrote:
> The VPN works fine for low data traffic but as soon as I start a big transfer
> between the two sites the kernel panics when iked wants to rekey the SA. I
> can reproduce this on demand by using the iperf tool for example.
Please test the
Hello,
I have setup an OpenBSD 6.3 (amd64) firewall that I also use for a site-to-site
VPN with iked to a remote firewall also using OpenBSD 6.3.
My iked.conf setup is quite lean and consists only of the following two IKEv2
policies:
ikev2 active esp from $local_ip to $remote_ip local
