I've got a FreeBSD setup running with three IPSec tunnels (these were created following the official FreeBSD documentation).
The three links have been running fine for many months now; however, I'm regularly getting entries in my /var/log/messages file stating "kernel: esp_input: packet replay check for SA(SPI= src= dst=)".
Depending on the day, these are coming anywhere from 5 to 30 minutes apart. I suppose it wouldn't be uncommon to see the odd packet reach a destination out of order after travelling around the world. What seems strange is their frequent regularity. The links are stable, but the messages are appearing for each of the tunnels.
Any ideas what could be causing this?
Thanks,
Brad
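One way to put numbers on the "frequent regularity" described above is to group the replay-check messages by SA and measure the gap between consecutive ones, which separates a message every 5-30 minutes from a burst every second or two. The script below is an added example and is not code from the thread or from FreeBSD. The log lines in SAMPLE_LOG are constructed, the SPI/src/dst value formats in them are assumptions (only the message text "esp_input: packet replay check for SA(SPI= src= dst=)" is taken from the post), and the log year is assumed because BSD syslog timestamps carry none.

```python
"""Summarise esp_input replay-check messages per IPsec SA from a syslog file.

Added example, not code from the original thread or from FreeBSD. It groups
the messages by SA (SPI, src, dst), counts them and measures the gap between
consecutive messages. SAMPLE_LOG is constructed and the SPI/src/dst value
formats in it are assumptions; the log year is assumed as well.
"""

import re
from datetime import datetime

LOG_YEAR = 2008  # assumed; BSD syslog timestamps omit the year

MONTHS = {m: i for i, m in enumerate(
    ["Jan", "Feb", "Mar", "Apr", "May", "Jun",
     "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"], start=1)}

# Timestamp, host, then the kernel message; SPI/src/dst are captured as
# opaque tokens so the exact value formatting does not matter.
REPLAY_RE = re.compile(
    r"^(?P<mon>[A-Z][a-z]{2})\s+(?P<day>\d{1,2}) "
    r"(?P<hh>\d{2}):(?P<mm>\d{2}):(?P<ss>\d{2}) \S+ kernel: "
    r"esp_input: packet replay check for SA\("
    r"SPI=(?P<spi>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+)\)\s*$"
)

BURST_SECONDS = 2  # messages this close together count as a burst (assumed)


def parse_line(line):
    """Return (timestamp, (spi, src, dst)) for a replay-check line, else None."""
    m = REPLAY_RE.match(line)
    if not m:
        return None
    ts = datetime(LOG_YEAR, MONTHS[m["mon"]], int(m["day"]),
                  int(m["hh"]), int(m["mm"]), int(m["ss"]))
    return ts, (m["spi"], m["src"], m["dst"])


def analyze(lines):
    """Group replay-check messages by SA and compute inter-arrival statistics.

    Returns (report, skipped): report maps (spi, src, dst) to count, first and
    last timestamp, the list of gaps in seconds, the smallest gap and the
    number of gaps short enough to count as a burst; skipped is the number of
    lines that were not replay-check messages.
    """
    per_sa = {}
    skipped = 0
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            skipped += 1
            continue
        ts, sa = parsed
        per_sa.setdefault(sa, []).append(ts)

    report = {}
    for sa, times in per_sa.items():
        times.sort()
        gaps = [int((b - a).total_seconds()) for a, b in zip(times, times[1:])]
        report[sa] = {
            "count": len(times),
            "first": times[0],
            "last": times[-1],
            "gaps": gaps,
            "min_gap": min(gaps) if gaps else None,
            "bursts": sum(1 for g in gaps if g <= BURST_SECONDS),
        }
    return report, skipped


# Constructed sample log: two SAs, one of them with a burst, plus an unrelated
# sshd line that the parser must ignore. Addresses are documentation ranges.
SAMPLE_LOG = """\
Mar  3 10:15:02 gw kernel: esp_input: packet replay check for SA(SPI=0x0000abcd src=198.51.100.7 dst=192.0.2.10)
Mar  3 10:15:03 gw kernel: esp_input: packet replay check for SA(SPI=0x0000abcd src=198.51.100.7 dst=192.0.2.10)
Mar  3 10:27:40 gw kernel: esp_input: packet replay check for SA(SPI=0x0000abcd src=198.51.100.7 dst=192.0.2.10)
Mar  3 10:31:12 gw kernel: esp_input: packet replay check for SA(SPI=0x0000beef src=203.0.113.5 dst=192.0.2.10)
Mar  3 10:40:00 gw sshd[1234]: Accepted publickey for brad from 192.0.2.55 port 50000 ssh2
""".splitlines()

if __name__ == "__main__":
    report, skipped = analyze(SAMPLE_LOG)
    for (spi, src, dst), r in report.items():
        print(f"SPI={spi} {src}->{dst}: {r['count']} msgs, "
              f"min gap {r['min_gap']}s, bursts {r['bursts']}")
    print(f"{skipped} non-matching line(s) ignored")
```

Run it against a real file with `analyze(open("/var/log/messages"))`; an SA whose minimum gap is far below its typical gap is the one worth capturing traffic for, since the thread's suggestion of duplicated packets on the wider Internet would show up as bursts rather than as an even spread.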
outside
Most likely it happens outside your machines, in the wild net. Are other IP packets duplicated as well? Most protocols don't care and just ignore that; you could use a traffic analyzer.
Replay
Thanks for the reply. I did a packet capture while running an SSH session to another computer. There were a few duplicated SSH packets that showed up. Would this have any negative effect on the VPN tunnel?
Also, these messages are constantly filling up my logs (sometimes appearing every second or two). If this replay duplication is normal, is there any way to suppress/limit these messages?
Thanks
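The question above about whether duplicated packets hurt the tunnel comes down to how the ESP receiver's anti-replay window treats them: a copy of an ESP packet whose sequence number has already been accepted, or a packet that arrives too far behind the newest one, fails the replay check and is dropped, which is the event the kernel is logging. The following is an added example that simulates the sliding-window algorithm from RFC 4303 Appendix A; it is not FreeBSD's kernel code and not code from the thread, and the window size of 64 and the sample sequence numbers are assumptions chosen for illustration.

```python
"""Simulate the ESP anti-replay window (RFC 4303, Appendix A) to show which
incoming sequence numbers an IPsec receiver drops as replays.

Added example, not FreeBSD kernel code and not code from the thread. The
window size (64) and SAMPLE_SEQS are assumptions chosen for illustration.
"""

WINDOW_SIZE = 64  # assumed; RFC 4303 requires a minimum window of 32


class AntiReplayWindow:
    """Sliding bitmap window over one SA's received sequence numbers.

    last_seq is the highest sequence number accepted so far; bit i of bitmap
    is set when sequence number (last_seq - i) has already been accepted.
    """

    def __init__(self, size=WINDOW_SIZE):
        self.size = size
        self.mask = (1 << size) - 1
        self.last_seq = 0
        self.bitmap = 0

    def check(self, seq):
        """Return (accepted, reason); state is updated only on acceptance."""
        if seq == 0:
            # Sequence number 0 is never valid once anti-replay is enabled.
            return False, "seq 0"
        if seq > self.last_seq:
            # New high-water mark: slide the window forward by the difference.
            shift = seq - self.last_seq
            if shift < self.size:
                self.bitmap = ((self.bitmap << shift) | 1) & self.mask
            else:
                self.bitmap = 1  # everything seen before is now out of window
            self.last_seq = seq
            return True, "new high"
        diff = self.last_seq - seq
        if diff >= self.size:
            # Behind the window: the receiver can no longer tell whether it
            # is a replay, so it is dropped regardless.
            return False, "too old"
        if self.bitmap & (1 << diff):
            return False, "replay"  # already accepted: a duplicate ESP packet
        self.bitmap |= 1 << diff
        return True, "late but within window"


def simulate(seqs, size=WINDOW_SIZE):
    """Feed ESP sequence numbers to one SA and return (seq, accepted, reason)."""
    window = AntiReplayWindow(size)
    return [(seq,) + window.check(seq) for seq in seqs]


# Constructed sample: in-order traffic, one reordered packet, one duplicate,
# a jump larger than the window, and a packet that falls behind the window.
SAMPLE_SEQS = [1, 2, 3, 5, 4, 3, 100, 40, 36]

if __name__ == "__main__":
    for seq, ok, why in simulate(SAMPLE_SEQS):
        print(f"seq={seq:4d} {'accept' if ok else 'DROP  '} ({why})")
```

Two things follow from the algorithm that are easy to check against the thread. A duplicate of an ESP packet arriving a second later (sequence 3 twice above) is dropped and logged, but the original copy was already delivered, so the SSH session inside the tunnel does not notice; and a merely reordered packet (4 arriving after 5) is accepted silently, so reordering alone does not explain the messages, only duplication or delivery more than a window's worth of packets late does.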
I have the exact same
I have the exact same problem, along with a bunch of "kernel: ipsec_common_input: no key association found for SA" messages. I suspect that it has to do with the NAT_T patch. I've yet to figure out how to filter these messages out of my dmesg buffer.