Date: Thu, 15 Mar 2001 21:38:20 -0600 From: jomor <jomor@ahpcns.com> To: Mike Burgett <mburgett@awen.com> Cc: "freebsd-security@FreeBSD.ORG" <freebsd-security@FreeBSD.ORG> Subject: Re: IPSEC tunnel without gif? Message-ID: <3AB18AAC.9069CBF2@ahpcns.com> References: <200103150440.f2F4eZB25117@dragon.awen.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Mike Burgett wrote: > On Wed, 14 Mar 2001 22:21:30 -0600, jomor wrote: > > >The gateway that received the pings was transmitting ARP > >requests but strangely, it was trying to get the hardware > >address of the other tunnel endpoint rather than that of > >the router in the middle. Since the ARP requests were never > >answered, the ping response was never transmitted. > > This sounds an awful lot like: > > http://www.FreeBSD.org/cgi/query-pr.cgi?pr=21079 > > I added a static arp entry for my router awhile back to work around this > very thing. > > Thanks, > Mike Yup that's it. I got the same thing testing with a straight (no ipsec) gif tunnel too. Are you running this in a "production" environment or just playing with it? Has it proven reliable with the static arp entry? I was pleasantly surprised to find that I didn't have any PMTUD problems today (with ipsec up) like I did with PPTP. Thanks ...jgm To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3AB18AAC.9069CBF2>