Darn, I should write better messages. So here goes an important addendum:

On Wed, 17.03.2010 at 17:55:34 +0100, Toni Mueller <[email protected]> wrote:
> I've installed the latest snapshot, with kernel bsd.mp#488, on a
> machine that has several IPSEC connections to handle, some fixed
> (branch offices), some for road warriors. The setup per se runs well
> for several years, but after this upgrade, traffic to the branch
> offices stopped. I checked one of the branch office's firewalls, which
> runs a slightly older version of OpenBSD, that the encrypted packets
> arrive on the WAN interface. So I conclude that the gateway, running
> the snapshot, pushes the packets out ok (I can observe these packets on
> the gateway's enc0 interface, too, so confidence is high). In the
> branch office's gateway, using 'netstat -rnf encap', I see all the
> entries that there used to be, but I see _NO_ packets on its enc0
> interface.

This was binary-upgrading an existing machine from 4.6-stable to -current, including 'sysmerge', and it is i386 (again). Traffic from and to road warriors is unaffected by the problem, only traffic to networks (with a netmask < 32 - I can only test /16 so far).

If you want me to test something, that can probably be arranged.

-- 
Kind regards,
--Toni++

