From: "Zaidi, Abbas" (Abbas_Zaidi@mentor.com)
Date: Wed, 30 Sep 2009 13:16:47 +0200
To: freebsd-net@freebsd.org
Cc: "Ansari, Fakhir", "Khan, Fayyaz"
Subject: FreeBSD ipsec tunnel mode packet lost
List-Id: Networking and TCP/IP with FreeBSD

Hi,

I am having this strange problem establishing a tunnel between FreeBSD and Linux. My network setup is:

Link2:216:76ff:febd:618c ---|Link2::e -o- Link1::e|---|Link1::f -o- Link0::e|--- Link0:212:17ff:fe5c:9466
FreeBSDe -------------------|      FreeBSDr       |---|       Linuxr        |--- Linuxe

Where I want to establish a tunnel between FreeBSDr and Linuxe (that would be Link1::e <==> Link0:212:17ff:fe5c:9466). I'm using racoon2 to negotiate SAs dynamically.

Once the SAs get negotiated I send a ping request from FreeBSDe to Linuxe. The packets get an ipsec header applied at FreeBSDr and reach Linuxe; a reply to the packet comes back at the Link1::e interface of FreeBSDr, and then the packet gets lost.

I am not using gif. Do I need it? I don't think anything is wrong with ipsec, as the seq of both the in and out SA are incrementing on every echo request/reply. I am new to FreeBSD and not sure about the firewall, but I think it's not running. There is one strange thing about security policies: on Linux, in case of a tunnel, there are 3 policies added (in, out, fwd), whereas FreeBSD only shows 2 (in, out). Ping without ipsec from FreeBSDe to Linuxe works perfectly fine, so I assume the routing tables are fine too.

I have run out of options and do not understand what to do; any sort of help will be highly appreciated.

Thanks,

Abbas Zaidi
Software Development Engineer
Embedded System Division
MentorGraphics Embedded

Office (+9242) 6099215
Cell (+92333) 4261781