Date: Fri, 21 Dec 2012 05:21:03 GMT From: hshh <hunreal@gmail.com> To: freebsd-gnats-submit@FreeBSD.org Subject: misc/174602: traceroute issue on gif tunnel with ipsec Message-ID: <201212210521.qBL5L3UF049011@red.freebsd.org> Resent-Message-ID: <201212210530.qBL5U08x022033@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 174602 >Category: misc >Synopsis: traceroute issue on gif tunnel with ipsec >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Fri Dec 21 05:30:00 UTC 2012 >Closed-Date: >Last-Modified: >Originator: hshh >Release: 9.1-RELEASE >Organization: >Environment: FreeBSD vpn 9.1-RELEASE FreeBSD 9.1-RELEASE #1 r244417: Wed Dec 19 14:35:14 CST 2012 root@vpn:/usr/obj/usr/src/sys/vpn amd64 >Description: traceroute request timed out while through ipsec ipip tunnel. network1(172.16.0.0/24)<->server1(172.16.0.254)<-gif->server2(10.0.0.254)<->network2(10.0.0.0/24) Without ipsec, traceroute from one network to other, everything is ok. 1 <1 ms <1 ms <1 ms 172.16.0.254 2 100 ms 100 ms 100 ms 10.0.0.254 3 100 ms 100 ms 100 ms 10.0.0.1 With ipsec, the second hop shown request timed out. 1 <1 ms <1 ms <1 ms 172.16.0.254 2 * * * Request timed out. 3 100 ms 100 ms 100 ms 10.0.0.1 # ipsec.conf spdflush; spdadd 172.16.0.254/32 10.0.0.254/32 ipencap -P out ipsec esp/transport//require; spdadd 10.0.0.254/32 172.16.0.254/32 ipencap -P in ipsec esp/transport//require; flush; add 172.16.0.254 10.0.0.254 esp 10001 -E blowfish-cbc "123456"; add 10.0.0.254 172.16.0.254 esp 10002 -E blowfish-cbc "123456"; This bug effects either transport or tunnel mode ipsec, also in 6in4 tunnel, traceroute6. >How-To-Repeat: Setup gif tunnel with ipsec, and traceroute/traceroute6. >Fix: >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201212210521.qBL5L3UF049011>