From owner-freebsd-security Thu Mar 15 21:29:55 2001
Delivered-To: freebsd-security@freebsd.org
Received: from coconut.itojun.org (coconut.itojun.org [210.160.95.97])
    by hub.freebsd.org (Postfix) with ESMTP id 2269937B718
    for ; Thu, 15 Mar 2001 21:29:53 -0800 (PST)
    (envelope-from itojun@itojun.org)
Received: from kiwi.itojun.org (localhost.itojun.org [127.0.0.1])
    by coconut.itojun.org (8.9.3+3.2W/3.7W) with ESMTP id OAA19429;
    Fri, 16 Mar 2001 14:29:36 +0900 (JST)
To: jomor
Cc: Mike Burgett , "freebsd-security@FreeBSD.ORG"
In-reply-to: jomor's message of Thu, 15 Mar 2001 21:38:20 CST.
    <3AB18AAC.9069CBF2@ahpcns.com>
X-Template-Reply-To: itojun@itojun.org
X-Template-Return-Receipt-To: itojun@itojun.org
X-PGP-Fingerprint: F8 24 B4 2C 8C 98 57 FD 90 5F B4 60 79 54 16 E2
Subject: Re: IPSEC tunnel without gif?
From: itojun@iijlab.net
Date: Fri, 16 Mar 2001 14:29:36 +0900
Message-ID: <19427.984720576@coconut.itojun.org>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

>> >The gateway that received the pings was transmitting ARP
>> >requests but strangely, it was trying to get the hardware
>> >address of the other tunnel endpoint rather than that of
>> >the router in the middle. Since the ARP requests were never
>> >answered, the ping response was never transmitted.

so you are seeing ARP for tunnel inner addresses?
http://www.kame.net/dev/cvsweb.cgi/kame/kame/sys/netinet6/ipsec.c.diff?r1=1.84&r2=1.85
should fix the above issue. not sure about freebsd merge status.

itojun