Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    PF_KEY buffer overflow errors - killing ipsec tunnel

    Scheduled Pinned Locked Moved IPsec
    2 Posts 2 Posters 715 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • D
      derekirving
      last edited by derekirving

      I'm sure this is an old topic, but all of a sudden I'm getting issues with my VPN. The tunnel peers are connected and pingable, but no private traffic will pass over apn. The other end of my peer is an ATT apn (att router). After about 5 years of working, it all of a sudden started failing with "error sending to PF_KEY buffer overflow". I have to REBOOT the pFsense to reconnect, now this behaivor has occured 3 times over the past 7 days. We have IOT devices to go over the ipsec vpn. Each time of the issues this buffer overflow was present. I've inherited this pfsense about 3 years ago and I have more experence with sonicwall. Any advice appreciated.

      PFsense version: 2.4.2-RELEASE (amd64)
      built on Mon Nov 20 08:12:56 CST 2017
      FreeBSD 11.1-RELEASE-p4

      ERRORS

      09[NET] <con1000|10> received packet: from 166.216.154.28[500] to 209.161.19.179[500] (180 bytes)
      May 6 16:58:05 charon 09[ENC] <con1000|10> parsed QUICK_MODE request 2154148486 [ HASH SA No ID ID ]
      May 6 16:58:05 charon 09[IKE] <con1000|10> received 3600s lifetime, configured 28800s
      May 6 16:58:05 charon 09[IKE] <con1000|10> received 4608000000 lifebytes, configured 0
      May 6 16:58:05 charon 09[ENC] <con1000|10> generating QUICK_MODE response 2154148486 [ HASH SA No ID ID ]
      May 6 16:58:05 charon 09[NET] <con1000|10> sending packet: from 209.161.19.179[500] to 166.216.154.28[500] (188 bytes)
      May 6 16:58:05 charon 09[NET] <con1000|10> received packet: from 166.216.154.28[500] to 209.161.19.179[500] (60 bytes)
      May 6 16:58:05 charon 09[ENC] <con1000|10> parsed QUICK_MODE request 2154148486 [ HASH ]
      May 6 16:58:05 charon 09[KNL] <con1000|10> error sending to PF_KEY socket: No buffer space available
      May 6 16:58:05 charon 09[KNL] <con1000|10> unable to delete SAD entry with SPI c8bbd4d8
      May 6 16:58:05 charon 09[KNL] <con1000|10> deleting SPI allocation SA failed
      May 6 16:58:05 charon 09[KNL] <con1000|10> error sending to PF_KEY socket: No buffer space available

      1 Reply Last reply Reply Quote 0
      • jimpJ
        jimp Rebel Alliance Developer Netgate
        last edited by

        Upgrade to a more recent supported release. That was fixed a long time ago.

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        1 Reply Last reply Reply Quote 0
        • First post
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.