From: "Frank Behrens"
To: freebsd-net@freebsd.org
Date: Thu, 27 Nov 2008 16:42:42 +0100
Subject: Re: Problem with new source address selection
Message-Id: <200811271542.mARFgglB004902@post.behrens.de>
In-reply-to: <20081127143300.M61259@maildrop.int.zabbadoz.net>
List-Id: Networking and TCP/IP with FreeBSD

Bjoern,
thanks for your fast answer.

Bjoern A. Zeeb wrote on 27 Nov 2008 14:53:
> Yes I know that hack though I never actually used it with a loopback
> as the loopback case is *uhm* gross. You know you are telling the
> kernel to actually send the packets to yourself which so far has just
> worked more or less out of luck in my eyes.

IMHO here we see again the main problem of IPSEC. Suddenly packets
disappear in kernel, are tunneled with ipsec and appear on other end.
A gif-like device with routes instead of SPD entries would have some
advantages.

> So is your 192.168.90.0/24 on any other interface but the lo2?
> Is it the only network on that interface or are there aliases?

For this machine the simplified setup is:
- an ethernet interface for private net with address 192.168.90.1/24
  and additional aliases for external addresses
- several tun devices with external and private addresses and routes
- lo0 as real loopback device with 127.0.0.1/8
- lo1 with private jail addresses

Now I want to tunnel between my 192.168.90.0/24 and a foreign
192.168.200.0/24. So I assigned 192.168.90.254/32 to lo2 and created
a static route.

> From the code down I take it that the connect(2) call happens outside
> any jail and not within a jail, right?

Yes, this is outside a jail. With jails I had no problems, every jail
has currently one ipv4 and one ipv6 address.

> Let me answer those later; in case you cannot reveal your network
> setup in public; contact me offlist.

If desired I could send you the complete interface and routing table.
But I believe you should be able to see the problem with my example
above.

Thanks for your support,
   Frank

--
Frank Behrens, Osterwieck, Germany
PGP-key 0x5B7C47ED on public servers available.