From owner-freebsd-pf@freebsd.org  Sun Mar 13 05:31:14 2016
Return-Path: <owner-freebsd-pf@freebsd.org>
Delivered-To: freebsd-pf@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 85F82ACE291
 for <freebsd-pf@mailman.ysv.freebsd.org>; Sun, 13 Mar 2016 05:31:14 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 778E58B3
 for <freebsd-pf@FreeBSD.org>; Sun, 13 Mar 2016 05:31:14 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u2D5VE1I014723
 for <freebsd-pf@FreeBSD.org>; Sun, 13 Mar 2016 05:31:14 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-pf@FreeBSD.org
Subject: [Bug 207598] pf adds icmp unreach on gre/ipsec somehow
Date: Sun, 13 Mar 2016 05:31:14 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 10.2-STABLE
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Some People
X-Bugzilla-Who: kp@freebsd.org
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-pf@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: 
Message-ID: <bug-207598-17777-9Kv2zNKHxH@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-207598-17777@https.bugs.freebsd.org/bugzilla/>
References: <bug-207598-17777@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-pf@freebsd.org
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: "Technical discussion and general questions about packet filter
 \(pf\)" <freebsd-pf.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-pf>,
 <mailto:freebsd-pf-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-pf/>
List-Post: <mailto:freebsd-pf@freebsd.org>
List-Help: <mailto:freebsd-pf-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
 <mailto:freebsd-pf-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 13 Mar 2016 05:31:14 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D207598

--- Comment #1 from Kristof Provost <kp@freebsd.org> ---
It doesn't look like a very simple setup, so ideally I'd like you to try
to simplify it a bit. For example, is the ipsec bit required, or does it
happen with just the GRE tunnels as well?
It'd also be interesting to know if it happens both with and without
'scrub fragment reassemble'.

Do you have anything 'special' in your pf.conf? (That is, route-to,
dup-to, set state-policy, ... basically anything not pass or block.)

(PS: I seem to be unable to send e-mail to you. Your mail server keeps tell=
ing
me '452 4.7.1 Try again later')

--=20
You are receiving this mail because:
You are the assignee for the bug.=