FreeBSD Mail Archives

Date:      Tue, 13 Aug 2002 16:57:52 -0700
From:      Lars Eggert <larse@ISI.EDU>
To:        Terry Lambert <tlambert2@mindspring.com>
Cc:        Les Biffle <les@safety.net>, hackers@freebsd.org
Subject:   Re: IP routing question
Message-ID:  <3D599D00.8070807@isi.edu>
References:  <200208131813.g7DIDiH14643@ns3.safety.net> <3D599416.5CDE92D9@mindspring.com> <3D599679.5090507@isi.edu> <3D599992.7C954D42@mindspring.com>


[-- Attachment #1 --]
Terry Lambert wrote:
> Lars Eggert wrote:
> 
>>I don't think we have the same definition of "the IPSec tunnel problem."
>>Mine is "tunnel mode SAs aren't interfaces, and IPsec duplicates
>>encapsulation and firewalling techniques that are (better) handled
>>outside IPsec", see draft-touch-ipsec-vpn.
>>
>>Having or not having a default route won't matter, since you'll have
>>more specific routes that match before the default route would be picked.
> 
> 
> As you say, SA's are not interfaces.  Try pinging over the link
> from hosts on either side of the tunnel, e.g.:
> 
> 10.0.1.15/8<--->10.0.1.1/8		10.0.2.1/8<---->10.0.2.11/8
> 		public IP #1<----------->public IP #2
> 
> Ping #1    <---------------------------->		works
> Ping #2    <------------------------------------------->broken
> 
> Get rid of the default route, and ping #2 starts working.

That looks like a routing issue on the tunnel endpoint that's 
independent from IPsec - what's in the routing table?

Lars
-- 
Lars Eggert <larse@isi.edu>           USC Information Sciences Institute

[-- Attachment #2 --]
0�	*�H��
��0�10	+0�	*�H��
���0��0���G0
	*�H��
0��10	UZA10UWestern Cape10U	Cape Town10
U
Thawte10UCertificate Services1(0&UPersonal Freemail RSA 2000.8.300
010824164000Z
020824164000Z0T10
UEggert1
0U*Lars10ULars Eggert10	*�H��
	
larse@isi.edu0��0
	*�H��
��0���������|\Pw��� �v����~��~�F�Do�o�ӦA��\-��	� ���Cˀ�4�.��)&��{�肋���,z�(ܷر��߈��T7�_'t�xGH^tt/ҹB8��%�t<#�ֲN��V0T0*+e!000L2uMyffBNUbNJJcdZ2s0U0�
larse@isi.edu0U�00
	*�H��
����a�JP���M�Ւ�]cѭC+��kS��+wZ�1���gY"�,Y���T�41�
�j����6:~�℩��D���������~�Kؚ�l���=�u(Վ��M?cF��7@����}��T��0��0���G0
	*�H��
0��10	UZA10UWestern Cape10U	Cape Town10
U
Thawte10UCertificate Services1(0&UPersonal Freemail RSA 2000.8.300
010824164000Z
020824164000Z0T10
UEggert1
0U*Lars10ULars Eggert10	*�H��
	
larse@isi.edu0��0
	*�H��
��0���������|\Pw��� �v����~��~�F�Do�o�ӦA��\-��	� ���Cˀ�4�.��)&��{�肋���,z�(ܷر��߈��T7�_'t�xGH^tt/ҹB8��%�t<#�ֲN��V0T0*+e!000L2uMyffBNUbNJJcdZ2s0U0�
larse@isi.edu0U�00
	*�H��
����a�JP���M�Ւ�]cѭC+��kS��+wZ�1���gY"�,Y���T�41�
�j����6:~�℩��D���������~�Kؚ�l���=�u(Վ��M?cF��7@����}��T��0�80���fEr��t��cvE��.�0
	*�H��
0��10	UZA10UWestern Cape10U	Cape Town10U
Thawte Consulting1(0&UCertification Services Division1$0"UThawte Personal Freemail CA1+0)	*�H��
	personal-freemail@thawte.com0
000830000000Z
040827235959Z0��10	UZA10UWestern Cape10U	Cape Town10
U
Thawte10UCertificate Services1(0&UPersonal Freemail RSA 2000.8.300��0
	*�H��
��0�����32�c�	%E>�nx'g��ڈ���D)�c5*mp<�ܮ��to0�3��4q��m���O�e�
�K���a����U�5��u�'��r���װ�����|CBPQ��<�9��T������If-	��k�i�N0L0)U"0 �010UPrivateLabel1-2970U�0�0U0
	*�H��
��1�KG]�q��Sl]y�=��&b�"��"��I�'{9����$����
*8�PU�l�
�L����G�l�X�1B	l�i�+�@]j�y��.%݊���
��Z��<�D�&i�H�Υ����bb��1��0��0��0��10	UZA10UWestern Cape10U	Cape Town10
U
Thawte10UCertificate Services1(0&UPersonal Freemail RSA 2000.8.30�G0	+��a0	*�H��
	1	*�H��
0	*�H��
	1
020813235752Z0#	*�H��
	18Aia�70=��i%�r�0R	*�H��
	1E0C0
*�H��
0*�H��
�0
*�H��
@0+0
*�H��
(0��*�H��
	1�����0��10	UZA10UWestern Cape10U	Cape Town10
U
Thawte10UCertificate Services1(0&UPersonal Freemail RSA 2000.8.30�G0
	*�H��
����3c��s�-�6�P)Z���?�5����XLz3��l�4ZBf�`ИJ�?f�)�����	$����#��s��z�܅�����l��c��}�R8��<'��|6�����R�>���c�.��߄

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3D599D00.8070807>

Header And Logo

Peripheral Links

Site Navigation

Header And Logo

Peripheral Links

Search

Site Navigation