• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

PF_KEY buffer overflow errors - killing ipsec tunnel

Scheduled Pinned Locked Moved IPsec
2 Posts 2 Posters 730 Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • D
    derekirving
    last edited by derekirving May 7, 2022, 2:23 AM May 7, 2022, 2:19 AM

    I'm sure this is an old topic, but all of a sudden I'm getting issues with my VPN. The tunnel peers are connected and pingable, but no private traffic will pass over apn. The other end of my peer is an ATT apn (att router). After about 5 years of working, it all of a sudden started failing with "error sending to PF_KEY buffer overflow". I have to REBOOT the pFsense to reconnect, now this behaivor has occured 3 times over the past 7 days. We have IOT devices to go over the ipsec vpn. Each time of the issues this buffer overflow was present. I've inherited this pfsense about 3 years ago and I have more experence with sonicwall. Any advice appreciated.

    PFsense version: 2.4.2-RELEASE (amd64)
    built on Mon Nov 20 08:12:56 CST 2017
    FreeBSD 11.1-RELEASE-p4

    ERRORS

    09[NET] <con1000|10> received packet: from 166.216.154.28[500] to 209.161.19.179[500] (180 bytes)
    May 6 16:58:05 charon 09[ENC] <con1000|10> parsed QUICK_MODE request 2154148486 [ HASH SA No ID ID ]
    May 6 16:58:05 charon 09[IKE] <con1000|10> received 3600s lifetime, configured 28800s
    May 6 16:58:05 charon 09[IKE] <con1000|10> received 4608000000 lifebytes, configured 0
    May 6 16:58:05 charon 09[ENC] <con1000|10> generating QUICK_MODE response 2154148486 [ HASH SA No ID ID ]
    May 6 16:58:05 charon 09[NET] <con1000|10> sending packet: from 209.161.19.179[500] to 166.216.154.28[500] (188 bytes)
    May 6 16:58:05 charon 09[NET] <con1000|10> received packet: from 166.216.154.28[500] to 209.161.19.179[500] (60 bytes)
    May 6 16:58:05 charon 09[ENC] <con1000|10> parsed QUICK_MODE request 2154148486 [ HASH ]
    May 6 16:58:05 charon 09[KNL] <con1000|10> error sending to PF_KEY socket: No buffer space available
    May 6 16:58:05 charon 09[KNL] <con1000|10> unable to delete SAD entry with SPI c8bbd4d8
    May 6 16:58:05 charon 09[KNL] <con1000|10> deleting SPI allocation SA failed
    May 6 16:58:05 charon 09[KNL] <con1000|10> error sending to PF_KEY socket: No buffer space available

    1 Reply Last reply Reply Quote 0
    • J
      jimp Rebel Alliance Developer Netgate
      last edited by May 9, 2022, 1:23 PM

      Upgrade to a more recent supported release. That was fixed a long time ago.

      Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

      Need help fast? Netgate Global Support!

      Do not Chat/PM for help!

      1 Reply Last reply Reply Quote 0
      1 out of 2
      • First post
        1/2
        Last post
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
        This community forum collects and processes your personal information.
        consent.not_received