From: "D.D.W. Downey"
Organization: CyberSpace Technologies, Inc.
To: "Thomas Farrell"
cc: freebsd-questions@freebsd.org
Reply-To: pgpkeys@pgpkeys.net
Date: Sat, 5 Jun 2004 16:21:38 -0400
Subject: Re: GRE issues

On Saturday 05 June 2004 02:00 pm, you wrote:
> The link below will show you
> exactly how to set up GRE tunnels
>
> http://www.pointless.net/~jasper/consume/docs/my-docs/tunneling.html
>
> ----- Original Message -----
> From: "D.D.W. Downey"
> To:
> Sent: Friday, June 04, 2004 3:01 AM
> Subject: GRE issues
>
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > Trying to set up GRE here for routing a /29 to the house. I am using the
> > following configuration and not sure what the problem is. I get a single
> > packet through from the DSL box to the remote box then I get total packet
> > loss. I can ping the 192.168.3.1 from 192.168.2.1 but not vice versa.
> > If I assign an IP to my rl0 on the DSL box from the AssignedBlock it
> > pings locally but not from the internet. In fact it bounces back and
> > forth
>

Right on, thank you for that URL. Reinforces that I am on the right track. I
found that URL before I mailed the list and this confirms that I've done this
correctly. For that I wish to thank you.

However, the problem still remains. See, the problem is that from the remote
side of the tunnel I can ping any IP address I assign locally, from the block
I'm trying to route over the gre tunnel. I can ping the local side of the
routing from the remote. However, if I ping the remote side of the tunnel
(NOT the IPs used in the ifconfig gre1 tunnel statement, but the
one used for the link1 statement) it fails to ping. I get exactly *one* ping
through and recorded and then the rest just "magically" disappear. The local
side shows them going out (via ipfw add statements and counting the packets),
but the far side records only one packet received and ping shows one single
successful send. Every packet after that seems to get lost.

I've been thinking on this and want to see how far off base I am. So, feel
free to tell me if you see something wrong in my logical thoughts.

I have the /29 routed to here on the remote over the gre tunnel.
I have another route statement on THIS side (local) for the same block. (My
reasoning being that for the packets for that block to be answerable it has
to know to go back over the tunnel.) However, in my head that seems wrong
since routing is destination based packet routing which means that I'm just
bouncing the packets back and forth over the gre tunnel. It works fine coming
from the remote to me because, well that's the correct traffic path. The
route on MY side of the tunnel is wrong because I'm saying to route packets
destined for the /29 BACK to the REMOTE side of the tunnel. Obviously not
what we want here. The example given on the URL we both have shows 2
different /30s being routed across the GRE. I don't have that. I have a
single /29 coming TO me locally. Now I need to know how to route any packets
the /29 generates in response to traffic BACK over the gre TO the remote side
and of course, back to their origination.

OK, so I see I'm doing it wrong with the routing statement on my side (local)
of the gre tunnel. How would I route the packets the /29 generates (either
from me just using the IPs outbound with return traffic, or as someone
contacting the IPs in the /29 and me responding)?

Seems route is only half the answer when dealing with this.

-- 
D.D.W. Downey
CyberSpace Technologies, Inc.
AS64567-OCCAID
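
The back-and-forth bounce reasoned about in the message above, as an added example that is not part of the original post: a destination-only route lookup over a hypothetical three-node model (internet, remote, local), first with the /29 routed into the tunnel on both sides, then with the block treated as directly attached on the local side. The /29, the outside host and the node names are constructed stand-ins, not values from the thread; the last trace shows which way a reply from the block leaves when only the destination is consulted.

```python
import ipaddress

BLOCK = "203.0.113.8/29"    # constructed stand-in for the routed /29
OUTSIDE = "198.51.100.7"    # constructed Internet host

def lookup(table, dst):
    """Longest-prefix match on the destination address only."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), hop) for p, hop in table.items()
            if addr in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def tables(local_sends_block_to_tunnel):
    """Hypothetical model: internet -> remote ==GRE== local (DSL box)."""
    local_hop = "remote" if local_sends_block_to_tunnel else "deliver"
    return {
        # the outside world reaches the /29 through the remote end
        "internet": {BLOCK: "remote", "0.0.0.0/0": "deliver"},
        # the remote end pushes the /29 into the tunnel
        "remote": {BLOCK: "local", "0.0.0.0/0": "internet"},
        # local: either the questioned route back into the tunnel,
        # or the block is on-link and packets are delivered here
        "local": {BLOCK: local_hop, "0.0.0.0/0": "internet"},
    }

def trace(routes, start, dst, ttl=8):
    """Forward hop by hop until delivery, no route, or TTL exhaustion."""
    node, path = start, [start]
    while ttl > 0:
        hop = lookup(routes[node], dst)
        if hop is None:
            return "unreachable", path
        if hop == "deliver":
            return "delivered", path
        node = hop
        path.append(node)
        ttl -= 1
    return "ttl-expired", path

if __name__ == "__main__":
    # /29 routed into the tunnel on both ends: the packet ping-pongs
    print(trace(tables(True), "internet", "203.0.113.10"))
    # block on-link at the local end: the packet is delivered
    print(trace(tables(False), "internet", "203.0.113.10"))
    # reply from the block: the destination is the outside host, so the
    # local default route is used and the tunnel is never crossed
    print(trace(tables(False), "local", OUTSIDE))
```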