From: Brian Somers
Date: Tue, 23 May 2000 16:00:14 +0100
To: Josh Tiefenbach
Cc: Renaud Waldura, freebsd-net@FreeBSD.ORG, brian@hak.lan.Awfulhak.org
Subject: Re: PPP dropping IPSec packets?
Message-Id: <200005231500.QAA03189@hak.lan.Awfulhak.org>
In-Reply-To: Message from Josh Tiefenbach of "Tue, 23 May 2000 10:24:07 EDT." <20000523102407.A52508@zipperup.org>

Do they get reported if you ``set log +tcp/ip'' ?

Also, please make sure you've got the very latest version of ppp
(000523 from my web site or from people.freebsd.org/~brian) as
I've just committed a forgotten patch that may be relevant (although
I don't think it will be).

If the latest ppp code doesn't show the data in the logs, I'd suspect
the problems in libalias....

> > I try to ping the remote end of the encrypted link, but the packets
> > never make it back to me. They do flow from tun1 to tun0 to eth0
> > to the telco router to ... to the remote site, _which_replies_
> > to my ICMP echo, but for some reason PPP drops the IPSec packets,
> > they never come back up to either tun0 (tunnel interface opened
> > by ppp), or to tun1 (tunnel opened by pipsecd).
> >
> > But they *do* make it back to the Ethernet interface, they're
> > just not transmitted back to the tunnel tun0.
>
> I had the *exact* same problem.
>
> You don't mention whether or not you are using NAT on your gateway box. I
> noticed that when I turned off ppp's NAT facility that the pipsecd tunnel
> automagically started to work.
>
> I haven't had the chance to delve any further, but it would appear that either
> ppp or libalias has some problems trying to map ESP packets.
>
> josh
>
> --
> "Just because we know the value of G won't make better cell phones"
> -- Jens Gundlach

--
Brian

Don't _EVER_ lose your sense of humour !