Date: Wed, 19 Apr 2000 22:58:58 -0400
From: Josh Tiefenbach <josh@zipperup.org>
To: freebsd-net@freebsd.org
Subject: PPPoE/ppp/pipsecd problem
Message-ID: <20000419225857.A47315@snickers.org>

I've been trying to get pipsecd from ports working between my machine (on a
DSL link, and using ppp/PPPoE) and another machine on the 'net at large. So
far I've been having some vexing problems.

I'm fairly confident that I've got pipsecd configured properly. Using the
exact same configs, I've gotten the setup to work nicely both on my internal
LAN (between 2 5.0-current machines) and between 2 hosts on the Internet.
However, I can't seem to get pipsecd to work between my gateway machine and one
of those Internet hosts.

At first I thought it might be my IPFilter rules blocking the proto ESP
packets, but the problem is still evident after I flush all the firewall
rules.

Diagram of network to make the following paragraph make sense:

 -------                                                  ---------
|  de0 -> tun0 <--------(Internet)------------------> de1          |
|         1.2.3.4                                     5.6.7.8      |
|                                                                  |
|         tun1 <-----------(pipsecd virtual link)----------> tun0  |
|         10.10.10.1                                   10.10.10.2  |
 -------                                                  ---------
 cerebus                                                    spike

tun0 on cerebus is controlled via ppp, and uses de0 as the transport for PPPoE.
tun1 on cerebus is controlled via pipsecd
de1 on spike is a normal ethernet port
tun0 on spike is controlled via pipsecd

When I ping 10.10.10.2 from cerebus, a tcpdump -i tun0 shows a whole bunch of
ESP packets leaving, but no replies coming back. A tcpdump -i de1 on spike
shows a bunch of ESP packets coming in, and replies being sent out.

*However*, if I do a tcpdump -i de0 on cerebus, I notice that those ESP
replies from spike are actually hitting de0 (inside the PPPoE encapsulation),
but would appear to not be passed to ppp, as I don't see them appear on tun0.

A quick scan of both ppp and ng_pppoe doesn't reveal anything that suggests
that either one of those entities can't handle incoming IPPROTO_ESP packets.

cerebus is:

FreeBSD cerebus 5.0-CURRENT FreeBSD 5.0-CURRENT #9: Sun Apr 16 18:02:27 EDT 2000

make world done immediately after kernel.

Any suggestions from the floor? Brian? Julian?

josh

--
Give me rampant intellectualism as a coping strategy!
-- Chuck Palahniuk in Invisible Monsters
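
Added example, not part of the original message and not code from ppp, ng_pppoe or pipsecd: a small Python check that a frame captured on the Ethernet side (de0 in the diagram) really is PPPoE session / PPP IPv4 / ESP, which is the observation the message relies on. The sample frame, session id, SPI and sequence number are constructed; the addresses are the ones from the diagram, and a two-byte PPP protocol field (no protocol-field compression) is assumed.

```python
import socket
import struct

ETH_PPPOE_SESSION = 0x8864  # EtherType of the PPPoE session stage (RFC 2516)
PPP_IPV4 = 0x0021           # PPP protocol number for IPv4
IPPROTO_ESP = 50


def inner_esp(frame: bytes):
    """Return (src, dst, spi, seq) if frame is PPPoE-session/IPv4/ESP, else None."""
    if len(frame) < 14 + 6 + 2:                  # Ethernet + PPPoE + PPP protocol
        return None
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != ETH_PPPOE_SESSION:
        return None
    vertype, code, _session, length = struct.unpack_from("!BBHH", frame, 14)
    if vertype != 0x11 or code != 0x00:          # version 1, type 1, session data
        return None
    payload = frame[20:20 + length]              # length covers PPP protocol + data
    if len(payload) < 2 + 20:                    # truncated capture or short packet
        return None
    (ppp_proto,) = struct.unpack_from("!H", payload, 0)
    if ppp_proto != PPP_IPV4:
        return None
    ip = payload[2:]
    ihl = (ip[0] & 0x0F) * 4                     # IPv4 header length, options included
    if ip[0] >> 4 != 4 or ihl < 20 or len(ip) < ihl + 8:
        return None
    if ip[9] != IPPROTO_ESP:
        return None
    spi, seq = struct.unpack_from("!II", ip, ihl)  # ESP header: SPI, sequence number
    return (socket.inet_ntoa(ip[12:16]), socket.inet_ntoa(ip[16:20]), spi, seq)


def build_sample(proto=IPPROTO_ESP):
    """Constructed frame: spike (5.6.7.8) replying to cerebus (1.2.3.4)."""
    esp = struct.pack("!II", 0x1000, 1) + bytes(16)     # constructed SPI/seq/payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(esp), 0, 0, 64, proto, 0,
                     socket.inet_aton("5.6.7.8"), socket.inet_aton("1.2.3.4"))
    ppp = struct.pack("!H", PPP_IPV4) + ip + esp
    pppoe = struct.pack("!BBHH", 0x11, 0x00, 0x0001, len(ppp))
    return bytes(12) + struct.pack("!H", ETH_PPPOE_SESSION) + pppoe + ppp


if __name__ == "__main__":
    print(inner_esp(build_sample()))
```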
