Date: Wed, 28 Nov 2012 15:34:26 +0800
From: hshh <hunreal@gmail.com>
To: freebsd-net@freebsd.org
Subject: traceroute issue on gif tunnel with ipsec
Message-ID: <CAJrEuZY%2B1WzpJpGp-4WpjpAw8-SQW5UfVOHQQpExyC0NtSe9Zw@mail.gmail.com>

Hi all,

I set up 2 networks connected with a gif tunnel.

    network1(172.16.0.0/24)<->server1(172.16.0.254)<-gif->server2(10.0.0.254)<->network2(10.0.0.0/24)

Servers are running FreeBSD 9.0-RELEASE.

If I only set up the ipip tunnel without IPSEC, the traceroute works correctly.

Proper result of traceroute from network 1 to network 2:

      1    <1 ms    <1 ms    <1 ms  172.16.0.254
      2   100 ms   100 ms   100 ms  10.0.0.254
      3   100 ms   100 ms   100 ms  10.0.0.1

If I enable IPSEC for the gif tunnel, the traceroute result is:

      1    <1 ms    <1 ms    <1 ms  172.16.0.254
      2     *        *        *     Request timed out.
      3   100 ms   100 ms   100 ms  10.0.0.1

I also tried IPSEC transport and tunnel mode, but no help.

Here is ipsec.conf:

    spdflush;
    spdadd 172.16.0.254/32 10.0.0.254/32 ipencap -P out ipsec esp/transport//require;
    spdadd 10.0.0.254/32 172.16.0.254/32 ipencap -P in ipsec esp/transport//require;
    flush;
    add 172.16.0.254 10.0.0.254 esp 10001 -E blowfish-cbc "123456";
    add 10.0.0.254 172.16.0.254 esp 10002 -E blowfish-cbc "123456";

It also affects my 6in4 tunnel; traceroute6 does not work either.

Any solution for this?