Date: Mon, 10 Sep 2001 15:22:08 +0100
From: Brian Somers <brian@freebsd-services.com>
To: JINMEI Tatuya / =?ISO-2022-JP?B?GyRCP0BMQEMjOkgbKEI=?= <jinmei@isl.rdc.toshiba.co.jp>
Cc: Brian Somers <brian@freebsd-services.com>, freebsd-net@FreeBSD.ORG, brian@freebsd-services.com
Subject: Re: Forward: Re: ping gif0
Message-ID: <200109101422.f8AEM8J60160@hak.lan.Awfulhak.org>
In-Reply-To: Message from JINMEI Tatuya / =?ISO-2022-JP?B?GyRCP0BMQEMjOkgbKEI=?= <jinmei@isl.rdc.toshiba.co.jp> of "Mon, 10 Sep 2001 21:51:49 +0900." <y7vofojcioq.wl@condor.jinmei.org>

> >>>>> On Mon, 10 Sep 2001 11:54:49 +0100,
> >>>>> Brian Somers <brian@freebsd-services.com> said:
>
> > The local endpoint can't be pinged unless you've got a route for
> > it... that's just the way the routing code works.
>
> > You can ping the local address for an Ethernet interface, but that's
> > just because the hardware returns such packets.
>
> > Adding a loopback route or address alias is the way to handle this.
>
> Correct, but in this case, pinging the other end of the link also
> failed:
>
> gif0: flags=8011<UP,POINTOPOINT,MULTICAST> mtu 1280
>         inet 10.0.2.130 --> 10.0.2.2 netmask 0xffffffff
>         physical address inet 209.167.75.123 --> 209.167.75.124
>
> waterloo.heers.on.ca# ping 10.0.2.2
> PING 10.0.2.2 (10.0.2.2): 56 data bytes
> ^C
> --- 10.0.2.2 ping statistics ---
> 15 packets transmitted, 0 packets received, 100% packet loss
>
> I don't get the reason for this part.  This is perhaps due to some
> IPsec issues?  netstat gave us an interesting result:
>
>         34 inbound packets violated process security policy

This rings bells.  I have been having difficulties with an IPSEC over
gif setup recently, but they went away with the latest racoon update
in the ports collection.  They *may* have appeared with the previous
racoon update - I'm not sure.

The symptoms were bizarre.  I had two LANs with an IP4 gif tunnel
between them and an IPSEC transport policy encrypting ip4 data
between the two public IP addresses.

From anywhere on LAN1 I could send & receive data to the LAN2 private
gateway IP number, but could not send data to any internal machines
on LAN2.  Trying to talk to internal machines on LAN2 resulted in
authentication errors for the data coming into LAN1's gateway.

Upgrading racoon on LAN2's gateway made the problem go away....

> JINMEI, Tatuya
> Communication Platform Lab.
> Corporate R&D Center, Toshiba Corp.
> jinmei@isl.rdc.toshiba.co.jp

-- 
Brian <brian@freebsd-services.com>                <brian@Awfulhak.org>
      http://www.freebsd-services.com/        <brian@[uk.]FreeBSD.org>
Don't _EVER_ lose your sense of humour !      <brian@[uk.]OpenBSD.org>

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message