Racoon and setkey problems

Misak Khachatryan kmisak at gmail.com
Thu Feb 22 09:08:35 UTC 2018


That didn't help.

Best regards,
Misak Khachatryan


On Thu, Feb 22, 2018 at 11:50 AM, Eugene Grosbein <eugen at grosbein.net> wrote:
> On 22.02.2018 14:10, Misak Khachatryan wrote:
>> Hello there,
>>
>> just a quick feedback. I've added rules to my ipfw to block all isakmp
>> ports on interfaces not involved in ipsec and rebooted 3 of 4
>> machines. Situation returned to normal on them, but rebooting fourth
>> host is very painful. It seems I have some kind of massive ipsec
>> probes from botnet which fills all my SAD and SPD entries or PFKEY
>> sockets.
>>
>> All I need is to flush all SAD and SPD entries, but setkey can't do
>> that. Is there any other way?
>
> Try to increase sysctl kern.ipc.maxsockbuf up to some huge value like 80MB
> and re-try with setkey.
>


More information about the freebsd-net mailing list