Racoon and setkey problems

Eugene Grosbein eugen at grosbein.net
Thu Feb 22 07:50:37 UTC 2018


On 22.02.2018 14:10, Misak Khachatryan wrote:
> Hello there,
> 
> just a quick feedback. I've added rules to my ipfw to block all isakmp
> ports on interfaces not involved in ipsec and rebooted 3 of 4
> machines. Situation returned to normal on them, but rebooting fourth
> host is very painful. It seems I have some kind of massive ipsec
> probes from a botnet which fill all my SAD and SPD entries or PFKEY
> sockets.
> 
> All I need is to flush all SAD and SPD entries, but setkey can't do
> that. Is there any other way?

Try to increase sysctl kern.ipc.maxsockbuf up to some huge value like 80MB
and re-try with setkey.


