From owner-freebsd-net Sun Sep 9 21:10:59 2001
Delivered-To: freebsd-net@freebsd.org
Received: from shuttle.wide.toshiba.co.jp (shuttle.wide.toshiba.co.jp [202.249.10.124])
        by hub.freebsd.org (Postfix) with ESMTP id B595F37B401
        for ; Sun, 9 Sep 2001 21:10:46 -0700 (PDT)
Received: from localhost ([3ffe:501:100f:10c1:200:39ff:fe97:3f1e])
        by shuttle.wide.toshiba.co.jp (8.9.1+3.1W/8.9.1) with ESMTP id NAA19456
        for ; Mon, 10 Sep 2001 13:11:12 +0900 (JST)
Date: Mon, 10 Sep 2001 13:10:46 +0900
Message-ID:
From: JINMEI Tatuya / 神明達哉
To: freebsd-net@FreeBSD.ORG
Subject: Forward: Re: ping gif0
References: <002b01c135a1$5aa23070$1200a8c0@gsicomp.on.ca> <003601c13718$24c99ce0$1200a8c0@gsicomp.on.ca>
User-Agent: Wanderlust/2.6.0 (Twist And Shout-pre) Emacs/21.0 Mule/5.0 (SAKAKI)
Organization: Research & Development Center, Toshiba Corp., Kawasaki, Japan.
MIME-Version: 1.0 (generated by SEMI 1.13.7 - "Awazu")
Content-Type: multipart/mixed; boundary="Multipart_Mon_Sep_10_13:10:46_2001-1"
X-Dispatcher: imput version 980905(IM100)
Lines: 232
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

--Multipart_Mon_Sep_10_13:10:46_2001-1
Content-Type: text/plain; charset=US-ASCII

I'm forwarding a message directly to me, with the permission of the
sender, because I myself do not have enough time to tackle this.

JINMEI, Tatuya
Communication Platform Lab.
Corporate R&D Center, Toshiba Corp.
jinmei@isl.rdc.toshiba.co.jp

--Multipart_Mon_Sep_10_13:10:46_2001-1
Content-Type: message/rfc822

Message-ID: <003601c13718$24c99ce0$1200a8c0@gsicomp.on.ca>
From: "Matthew Emmerton"
To:
References: <002b01c135a1$5aa23070$1200a8c0@gsicomp.on.ca>
Subject: Re: ping gif0
Date: Thu, 6 Sep 2001 17:08:57 -0400
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----=_NextPart_000_0033_01C136F6.9D4E8CB0"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4807.1700
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4807.1700

This is a multi-part message in MIME format.

------=_NextPart_000_0033_01C136F6.9D4E8CB0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit

> >>>>> On Tue, 4 Sep 2001 20:26:04 -0400,
> >>>>> "Matthew Emmerton" said:
>
> > I've got a question for all of you net hackers.
> > When I configure a gif interface, why can't I ping the local endpoint on the
> > inside of the tunnel? I've just been through hell and back trying to get
> > some IPSec tunnels created (they're working now, thanks to all those who
> > helped me out), and this was one of my big stumbling blocks -- since I
> > couldn't ping the local or remote endpoint of the gif tunnel, I spent much
> > time chasing down problems with gif when it wasn't a problem at all.
>
> Please be more specific. I guess we need at least
>
> - the version of the OS
> - the result of 'ifconfig -a'
> - the result of 'gifconfig -a'
> - the result of 'netstat -rnal'
> - the exact output of ping (do not *describe* the situation, please.
>   just copy and paste the output -by script(1) etc-)

The information you requested is attached. I've also included a
'netstat -p ipsec' and the output from 'setkey -D' and 'setkey -PD'.

This is the configuration for the system on one end of the tunnel; the
other configuration is identical with the expected IP address changes.
Telnet and other interactive sessions work fine across the link (and are
ESP encapsulated), but pings to the endpoints or remote systems do not.

--
Matt Emmerton

------=_NextPart_000_0033_01C136F6.9D4E8CB0
Content-Type: text/plain; name="gif-debug.txt"
Content-Disposition: attachment; filename="gif-debug.txt"

Script started on Thu Sep 6 10:32:28 2001
waterloo.heers.on.ca# uname -a
FreeBSD waterloo.heers.on.ca 4.3-RELEASE-p14 FreeBSD 4.3-RELEASE-p14 #4: Tue Aug 28 23:46:59 EDT 2001 root@waterloo.heers.on.ca:/usr/src/sys/compile/HEERSNAT i386
waterloo.heers.on.ca# gifconfig -a
gif0: flags=8011 mtu 1280
        inet 10.0.2.130 --> 10.0.2.2 netmask 0xffffffff
        physical address inet 209.167.75.123 --> 209.167.75.124
gif1: flags=8010 mtu 1280
        physical address -->
gif2: flags=8010 mtu 1280
        physical address -->
gif3: flags=8010 mtu 1280
        physical address -->
gif4: flags=8010 mtu 1280
        physical address -->
gif5: flags=8010 mtu 1280
        physical address -->
waterloo.heers.on.ca# ifconfig -a
rl0: flags=8843 mtu 1500
        ether 00:50:ba:56:16:3c
        media: autoselect (none) status: active
        supported media: autoselect 100baseTX 100baseTX 10baseT/UTP 10baseT/UTP 100baseTX
rl1: flags=8843 mtu 1500
        inet 10.0.2.129 netmask 0xfffffff0 broadcast 10.0.2.143
        ether 00:50:ba:56:16:37
        media: autoselect (100baseTX ) status: active
        supported media: autoselect 100baseTX 100baseTX 10baseT/UTP 10baseT/UTP 100baseTX
lp0: flags=8810 mtu 1500
gif0: flags=8011 mtu 1280
        inet 10.0.2.130 --> 10.0.2.2 netmask 0xffffffff
gif1: flags=8010 mtu 1280
gif2: flags=8010 mtu 1280
gif3: flags=8010 mtu 1280
gif4: flags=8010 mtu 1280
gif5: flags=8010 mtu 1280
lo0: flags=8049 mtu 16384
        inet 127.0.0.1 netmask 0xff000000
tun0: flags=8151 mtu 1492
        inet 209.167.75.123 --> 171.68.187.1 netmask 0xffffff00
        Opened by PID 158
tun1: flags=8010 mtu 1500
waterloo.heers.on.ca# netstat -rnal -f inet
Routing tables

Internet:
Destination        Gateway            Flags   Refs      Use  Netif  Expire
default            171.68.187.1       UGSc       7    34558  tun0
10.0.2/26          10.0.2.2           UGSc       1     8521  gif0
10.0.2.2           10.0.2.130         UH         1       10  gif0
10.0.2.128/28      link#2             UC         0        0  rl1    =>
10.0.2.129         0:50:ba:56:16:37   UHLW       0       22  lo0
10.0.2.137         0:40:5:df:5a:25    UHLW       0      116  rl1    415
10.0.2.138         0:40:5:df:37:97    UHLW       0        2  rl1    1042
10.0.2.139         0:40:5:de:b5:4c    UHLW       2     7488  rl1    348
65.93.38.74        171.68.187.1       UGHW       2    34726  tun0
127.0.0.1          127.0.0.1          UH         0       12  lo0
171.68.187.1       209.167.75.123     UH         4        0  tun0
207.139.193.66     171.68.187.1       UGHW3      0    34560  tun0   3568
209.167.75.124     171.68.187.1       UGHW       1    34558  tun0
waterloo.heers.on.ca# ping 10.0.2.2
PING 10.0.2.2 (10.0.2.2): 56 data bytes
^C
--- 10.0.2.2 ping statistics ---
15 packets transmitted, 0 packets received, 100% packet loss
waterloo.heers.on.ca# ping 10.0.2.130
PING 10.0.2.130 (10.0.2.130): 56 data bytes
ping: sendto: Host is down
ping: sendto: Host is down
ping: sendto: Host is down
ping: sendto: Host is down
ping: sendto: Host is down
ping: sendto: Host is down
^C
--- 10.0.2.130 ping statistics ---
12 packets transmitted, 0 packets received, 100% packet loss
waterloo.heers.on.ca# ping 10.0.2.1
PING 10.0.2.1 (10.0.2.1): 56 data bytes
^C
--- 10.0.2.1 ping statistics ---
8 packets transmitted, 0 packets received, 100% packet loss
waterloo.heers.on.ca# ping 10.0.2.9
PING 10.0.2.9 (10.0.2.9): 56 data bytes
^C
--- 10.0.2.9 ping statistics ---
8 packets transmitted, 0 packets received, 100% packet loss
waterloo.heers.on.ca# exit
waterloo.heers.on.ca# netstat -p ipsec
ipsec:
        6913 inbound packets processed successfully
        34 inbound packets violated process security policy
        0 inbound packets with no SA available
        0 invalid inbound packets
        0 inbound packets failed due to insufficient memory
        0 inbound packets failed getting SPI
        0 inbound packets failed on AH replay check
        0 inbound packets failed on ESP replay check
        0 inbound packets considered authentic
        0 inbound packets failed on authentication
        ESP input histogram:
                simple: 6913
        8575 outbound packets processed successfully
        0 outbound packets violated process security policy
        0 outbound packets with no SA available
        0 invalid outbound packets
        0 outbound packets failed due to insufficient memory
        0 outbound packets with no route
        ESP output histogram:
                simple: 8575
waterloo.heers.on.ca# setkey -D
10.0.2.0/26[any] 10.0.2.128/28[any] any
        in ipsec
        esp/tunnel/209.167.75.124-209.167.75.123/require
        spid=5 seq=1 pid=3802
        refcnt=1
10.0.2.128/28[any] 10.0.2.0/26[any] any
        out ipsec
        esp/tunnel/209.167.75.123-209.167.75.124/require
        spid=6 seq=0 pid=3802
        refcnt=1
waterloo.heers.on.ca# setkey -DP
209.167.75.123 209.167.75.124
        esp mode=any spi=1001(0x000003e9) reqid=0(0x00000000)
        E: null
        replay=0 flags=0x00000040 state=mature seq=1 pid=3803
        created: Sep 4 18:04:50 2001 current: Sep 6 17:09:55 2001
        diff: 169505(s) hard: 0(s) soft: 0(s)
        last: Sep 6 17:08:14 2001 hard: 0(s) soft: 0(s)
        current: 986988(bytes) hard: 0(bytes) soft: 0(bytes)
        allocated: 13608 hard: 0 soft: 0
        refcnt=2
209.167.75.124 209.167.75.123
        esp mode=any spi=1000(0x000003e8) reqid=0(0x00000000)
        E: null
        replay=0 flags=0x00000040 state=mature seq=0 pid=3803
        created: Sep 4 18:04:50 2001 current: Sep 6 17:09:55 2001
        diff: 169505(s) hard: 0(s) soft: 0(s)
        last: Sep 6 17:08:14 2001 hard: 0(s) soft: 0(s)
        current: 2078652(bytes) hard: 0(bytes) soft: 0(bytes)
        allocated: 10772 hard: 0 soft: 0
        refcnt=1
------=_NextPart_000_0033_01C136F6.9D4E8CB0--

--Multipart_Mon_Sep_10_13:10:46_2001-1--

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message