From owner-freebsd-net@FreeBSD.ORG  Tue Jan 25 16:26:31 2005
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 17EA516A569
	for <freebsd-net@freebsd.org>; Tue, 25 Jan 2005 16:26:31 +0000 (GMT)
Received: from mail.libertysurf.net (mx-out.tiscali.fr [213.36.80.91])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 7178943D53
	for <freebsd-net@freebsd.org>; Tue, 25 Jan 2005 16:26:30 +0000 (GMT)
	(envelope-from ach@meta-x.org)
Received: from [192.168.16.149] (83.157.52.158) by mail.libertysurf.net
	(7.1.026)        id 41A46BF6011F4AC1; Tue, 25 Jan 2005 17:26:29 +0100
In-Reply-To: <20050125160837.GG59685@obiwan.tataz.chchile.org>
References: <20050124212011.GC59685@obiwan.tataz.chchile.org>
	<20050125011615.GB47638@dhcp120.icir.org>
	<20050125143327.GD59685@obiwan.tataz.chchile.org>
	<20050125144153.GJ47638@dhcp120.icir.org>
	<20050125150255.GE59685@obiwan.tataz.chchile.org>
	<20050125152209.GK47638@dhcp120.icir.org>
	<20050125160837.GG59685@obiwan.tataz.chchile.org>
Mime-Version: 1.0 (Apple Message framework v619)
Content-Type: text/plain; charset=US-ASCII; format=flowed
Message-Id: <D77B2F04-6EED-11D9-A13F-000D936E5C28@meta-x.org>
Content-Transfer-Encoding: 7bit
From: Alex <ach@meta-x.org>
Date: Tue, 25 Jan 2005 17:26:18 +0100
To: Jeremie Le Hen <jeremie@le-hen.org>
X-Mailer: Apple Mail (2.619)
cc: freebsd-net@freebsd.org
Subject: Re: gif(4) and bpf(4)
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 25 Jan 2005 16:26:31 -0000

Hello,

Since we see ESP traffic directly on the ep0 interface, packets are not 
going through gif0 as stated in the routing table. IPsec SPD is 
overriding the routing table, can you check (provide us) with setkey 
-DP and setkey -D if no SPD is present from your net to 192.168.4.0/24 
?

Regards, Alex.

> Yes they are (network on the other side of the tunnel is 
> 192.168.4.0/24) :
> %%%
>   yoda:tools# netstat -rnf inet
>   Routing tables
>
>   Internet:
>   Destination        Gateway            Flags    Refs      Use  Netif 
> Expire
>   default            <hidden gw>        UGSc       24 17513460    ep0
> [...]
>   192.168.4          192.168.4.13       UGSc        0   691911   gif0
>   192.168.4.13       192.168.1.1        UH          3     6949   gif0