Date: Thu, 1 Oct 2009 10:00:35 +0200
From: "Zaidi, Abbas" <Abbas_Zaidi@mentor.com>
To: "VANHULLEBUS Yvan" <vanhu@FreeBSD.org>
Cc: freebsd-net@freebsd.org, "Ansari, Fakhir" <Fakhir_Ansari@mentor.com>, "Khan, Fayyaz" <Fayyaz_Khan@mentor.com>
Subject: RE: FreeBSD ipsec tunnel mode packet lost
Message-ID: <A19AEE62D2942649A4C49BCD0878E421D5D5F9@eu2-mail.mgc.mentorg.com>
In-Reply-To: <20090930120822.GA73383@zeninc.net>
Thanks Yvan for the help

The problem got solved by changing the in security policy, on SGW, from ipsec level require to use, but I'm still not clear what the real issue was. Why we can't use require on it.

Thanks,

-----Original Message-----
From: VANHULLEBUS Yvan [mailto:vanhu@FreeBSD.org]
Sent: Wednesday, September 30, 2009 6:08 PM
To: Zaidi, Abbas
Cc: freebsd-net@freebsd.org; Ansari, Fakhir; Khan, Fayyaz
Subject: Re: FreeBSD ipsec tunnel mode packet lost

On Wed, Sep 30, 2009 at 01:16:47PM +0200, Zaidi, Abbas wrote:
> Hi

Hi.

> I am having this strange problem establishing tunnel between FreeBSD and
> linux, my network setup is

[the setup]

> Once the SAs get negotiated I send a ping request from FreeBSDe to
> Linuxe. The packets get an ipsec header applied at FreeBSDr reaches
> Linuxe a reply to packet comes back at Link1::e interface of FreeBSDr
> and then packet gets lost.
>
> I am not using gif. Do I need it?

Probably not.

> I don't think any thing is wrong with ipsec as the seq of both in and
> out sa are incrementing on every echo request reply.

Please check output of "netstat -s" (mainly sections esp, ipsec6, ip6), and see if some counters increase for each dropped packet.

[...]

> There is one strange thing about security policies as of linux in case
> of tunnel there are 3 policies added (in, out, fwd) where as in FreeBSD
> it only shows 2 (in, out).

This is specific to Linux's IPsec stack implementation, just forget anything related to "fwd".....

Yvan.
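The check suggested in the quoted reply (watch which "netstat -s" counters grow for each dropped packet), written out as an added example that is not part of the original thread. The function name counter_deltas and the snapshot file names are hypothetical, and the parsing assumes the usual layout of unindented "section:" headers followed by indented "<number> <description>" lines, with both snapshots taken with a single -s so the lines align.

```shell
# Added example: list netstat -s counters that grew between two saved
# snapshots, limited by default to the sections named in the reply.
# Assumed workflow on the gateway:
#   netstat -s > before.txt; <send one ping>; netstat -s > after.txt
#   counter_deltas before.txt after.txt
# Optional third argument: space-separated section names to inspect.
counter_deltas() {
    awk -v want="${3:-esp ipsec6 ip6}" '
        BEGIN { n = split(want, w, " "); for (i = 1; i <= n; i++) keep[w[i]] = 1 }
        # A section header is an unindented line ending in ":" (e.g. "esp:").
        /^[^ \t].*:[ \t]*$/ { sec = $1; sub(/:$/, "", sec); idx = 0; next }
        # Skip sections we were not asked about and lines without a counter.
        !(sec in keep) || $1 !~ /^[0-9]+$/ { next }
        {
            # Key by position inside the section, not by description text:
            # netstat pluralises descriptions ("1 packet" / "2 packets").
            key = sec SUBSEP (++idx)
            if (FILENAME == ARGV[1]) { old[key] = $1; next }
            delta = $1 - old[key]
            if (delta > 0) {
                desc = $0
                sub(/^[ \t]*[0-9]+[ \t]*/, "", desc)
                printf "%s\t+%d\t%s\n", sec, delta, desc
            }
        }
    ' "$1" "$2"
}
```

A counter that rises by one per lost echo reply points at the layer that is discarding the packet.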
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?A19AEE62D2942649A4C49BCD0878E421D5D5F9>