Date: Mon, 10 Sep 2001 13:10:46 +0900
From: JINMEI Tatuya / 神明達哉 <jinmei@isl.rdc.toshiba.co.jp>
To: freebsd-net@FreeBSD.ORG
Subject: Forward: Re: ping gif0
Message-ID: <y7vwv37it2x.wl@condor.jinmei.org>
References: <002b01c135a1$5aa23070$1200a8c0@gsicomp.on.ca> <y7vheuhf2f2.wl@condor.jinmei.org> <003601c13718$24c99ce0$1200a8c0@gsicomp.on.ca>

I'm forwarding a message sent directly to me, with the permission of the
sender, because I myself do not have enough time to tackle this.

					JINMEI, Tatuya
					Communication Platform Lab.
					Corporate R&D Center, Toshiba Corp.
					jinmei@isl.rdc.toshiba.co.jp

Message-ID: <003601c13718$24c99ce0$1200a8c0@gsicomp.on.ca>
From: "Matthew Emmerton" <matt@gsicomp.on.ca>
To: <jinmei@isl.rdc.toshiba.co.jp>
References: <002b01c135a1$5aa23070$1200a8c0@gsicomp.on.ca> <y7vheuhf2f2.wl@condor.jinmei.org>
Subject: Re: ping gif0
Date: Thu, 6 Sep 2001 17:08:57 -0400

> >>>>> On Tue, 4 Sep 2001 20:26:04 -0400,
> >>>>> "Matthew Emmerton" <matt@gsicomp.on.ca> said:
>
> > I've got a question for all of you net hackers.
> > When I configure a gif interface, why can't I ping the local endpoint on the
> > inside of the tunnel?  I've just been through hell and back trying to get
> > some IPSec tunnels created (they're working now, thanks to all those who
> > helped me out), and this was one of my big stumbling blocks -- since I
> > couldn't ping the local or remote endpoint of the gif tunnel, I spent much
> > time chasing down problems with gif when it wasn't a problem at all.
>
> Please be more specific.  I guess we need at least
>
> - the version of the OS
> - the result of 'ifconfig -a'
> - the result of 'gifconfig -a'
> - the result of 'netstat -rnal'
> - the exact output of ping (do not *describe* the situation, please.
>   just copy and paste the output -by script(1) etc-)

The information you requested is attached.  I've also included a
'netstat -p ipsec' and the output from 'setkey -D' and 'setkey -PD'.

This is the configuration for the system on one end of the tunnel; the
other configuration is identical with the expected IP address changes.

Telnet and other interactive sessions work fine across the link (and are
ESP encapsulated), but pings to the endpoints or remote systems do not.

--
Matt Emmerton

Attachment: gif-debug.txt

Script started on Thu Sep 6 10:32:28 2001
waterloo.heers.on.ca# uname -a
FreeBSD waterloo.heers.on.ca 4.3-RELEASE-p14 FreeBSD 4.3-RELEASE-p14 #4: Tue Aug 28 23:46:59 EDT 2001 root@waterloo.heers.on.ca:/usr/src/sys/compile/HEERSNAT i386
waterloo.heers.on.ca# gifconfig -a
gif0: flags=8011<UP,POINTOPOINT,MULTICAST> mtu 1280
        inet 10.0.2.130 --> 10.0.2.2 netmask 0xffffffff
        physical address inet 209.167.75.123 --> 209.167.75.124
gif1: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
        physical address -->
gif2: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
        physical address -->
gif3: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
        physical address -->
gif4: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
        physical address -->
gif5: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
        physical address -->
waterloo.heers.on.ca# ifconfig -a
rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        ether 00:50:ba:56:16:3c
        media: autoselect (none) status: active
        supported media: autoselect 100baseTX <full-duplex> 100baseTX 10baseT/UTP <full-duplex> 10baseT/UTP 100baseTX <hw-loopback>
rl1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 10.0.2.129 netmask 0xfffffff0 broadcast 10.0.2.143
        ether 00:50:ba:56:16:37
        media: autoselect (100baseTX <full-duplex>) status: active
        supported media: autoselect 100baseTX <full-duplex> 100baseTX 10baseT/UTP <full-duplex> 10baseT/UTP 100baseTX <hw-loopback>
lp0: flags=8810<POINTOPOINT,SIMPLEX,MULTICAST> mtu 1500
gif0: flags=8011<UP,POINTOPOINT,MULTICAST> mtu 1280
        inet 10.0.2.130 --> 10.0.2.2 netmask 0xffffffff
gif1: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
gif2: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
gif3: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
gif4: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
gif5: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
        inet 127.0.0.1 netmask 0xff000000
tun0: flags=8151<UP,POINTOPOINT,RUNNING,PROMISC,MULTICAST> mtu 1492
        inet 209.167.75.123 --> 171.68.187.1 netmask 0xffffff00
        Opened by PID 158
tun1: flags=8010<POINTOPOINT,MULTICAST> mtu 1500
waterloo.heers.on.ca# netstat -rnal -f inet
Routing tables

Internet:
Destination        Gateway            Flags     Refs     Use   Netif  Expire
default            171.68.187.1       UGSc         7   34558    tun0
10.0.2/26          10.0.2.2           UGSc         1    8521    gif0
10.0.2.2           10.0.2.130         UH           1      10    gif0
10.0.2.128/28      link#2             UC           0       0     rl1  =>
10.0.2.129         0:50:ba:56:16:37   UHLW         0      22     lo0
10.0.2.137         0:40:5:df:5a:25    UHLW         0     116     rl1     415
10.0.2.138         0:40:5:df:37:97    UHLW         0       2     rl1    1042
10.0.2.139         0:40:5:de:b5:4c    UHLW         2    7488     rl1     348
65.93.38.74        171.68.187.1       UGHW         2   34726    tun0
127.0.0.1          127.0.0.1          UH           0      12     lo0
171.68.187.1       209.167.75.123     UH           4       0    tun0
207.139.193.66     171.68.187.1       UGHW3        0   34560    tun0    3568
209.167.75.124     171.68.187.1       UGHW         1   34558    tun0
waterloo.heers.on.ca# ping 10.0.2.2
PING 10.0.2.2 (10.0.2.2): 56 data bytes
^C
--- 10.0.2.2 ping statistics ---
15 packets transmitted, 0 packets received, 100% packet loss
waterloo.heers.on.ca# ping 10.0.2.130
PING 10.0.2.130 (10.0.2.130): 56 data bytes
ping: sendto: Host is down
ping: sendto: Host is down
ping: sendto: Host is down
ping: sendto: Host is down
ping: sendto: Host is down
ping: sendto: Host is down
^C
--- 10.0.2.130 ping statistics ---
12 packets transmitted, 0 packets received, 100% packet loss
waterloo.heers.on.ca# ping 10.0.2.1
PING 10.0.2.1 (10.0.2.1): 56 data bytes
^C
--- 10.0.2.1 ping statistics ---
8 packets transmitted, 0 packets received, 100% packet loss
waterloo.heers.on.ca# ping 10.0.2.9
PING 10.0.2.9 (10.0.2.9): 56 data bytes
^C
--- 10.0.2.9 ping statistics ---
8 packets transmitted, 0 packets received, 100% packet loss
waterloo.heers.on.ca# exit
waterloo.heers.on.ca# netstat -p ipsec
ipsec:
        6913 inbound packets processed successfully
        34 inbound packets violated process security policy
        0 inbound packets with no SA available
        0 invalid inbound packets
        0 inbound packets failed due to insufficient memory
        0 inbound packets failed getting SPI
        0 inbound packets failed on AH replay check
        0 inbound packets failed on ESP replay check
        0 inbound packets considered authentic
        0 inbound packets failed on authentication
        ESP input histogram:
                simple: 6913
        8575 outbound packets processed successfully
        0 outbound packets violated process security policy
        0 outbound packets with no SA available
        0 invalid outbound packets
        0 outbound packets failed due to insufficient memory
        0 outbound packets with no route
        ESP output histogram:
                simple: 8575
waterloo.heers.on.ca# setkey -D
10.0.2.0/26[any] 10.0.2.128/28[any] any
        in ipsec
        esp/tunnel/209.167.75.124-209.167.75.123/require
        spid=5 seq=1 pid=3802
        refcnt=1
10.0.2.128/28[any] 10.0.2.0/26[any] any
        out ipsec
        esp/tunnel/209.167.75.123-209.167.75.124/require
        spid=6 seq=0 pid=3802
        refcnt=1
waterloo.heers.on.ca# setkey -DP
209.167.75.123 209.167.75.124
        esp mode=any spi=1001(0x000003e9) reqid=0(0x00000000)
        E: null
        replay=0 flags=0x00000040 state=mature seq=1 pid=3803
        created: Sep 4 18:04:50 2001 current: Sep 6 17:09:55 2001
        diff: 169505(s) hard: 0(s) soft: 0(s)
        last: Sep 6 17:08:14 2001 hard: 0(s) soft: 0(s)
        current: 986988(bytes) hard: 0(bytes) soft: 0(bytes)
        allocated: 13608 hard: 0 soft: 0
        refcnt=2
209.167.75.124 209.167.75.123
        esp mode=any spi=1000(0x000003e8) reqid=0(0x00000000)
        E: null
        replay=0 flags=0x00000040 state=mature seq=0 pid=3803
        created: Sep 4 18:04:50 2001 current: Sep 6 17:09:55 2001
        diff: 169505(s) hard: 0(s) soft: 0(s)
        last: Sep 6 17:08:14 2001 hard: 0(s) soft: 0(s)
        current: 2078652(bytes) hard: 0(bytes) soft: 0(bytes)
        allocated: 10772 hard: 0 soft: 0
        refcnt=1