From owner-freebsd-stable@FreeBSD.ORG Thu Dec 24 18:59:28 2009 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 4C8991065672 for ; Thu, 24 Dec 2009 18:59:28 +0000 (UTC) (envelope-from julian@elischer.org) Received: from outT.internet-mail-service.net (outt.internet-mail-service.net [216.240.47.243]) by mx1.freebsd.org (Postfix) with ESMTP id 316438FC0A for ; Thu, 24 Dec 2009 18:59:27 +0000 (UTC) Received: from idiom.com (mx0.idiom.com [216.240.32.160]) by out.internet-mail-service.net (Postfix) with ESMTP id 5526B27861; Thu, 24 Dec 2009 10:47:48 -0800 (PST) X-Client-Authorized: MaGic Cook1e X-Client-Authorized: MaGic Cook1e X-Client-Authorized: MaGic Cook1e Received: from julian-mac.elischer.org (h-67-100-89-137.snfccasy.static.covad.net [67.100.89.137]) by idiom.com (Postfix) with ESMTP id CEC3B2D6018; Thu, 24 Dec 2009 10:47:47 -0800 (PST) Message-ID: <4B33B76B.5070600@elischer.org> Date: Thu, 24 Dec 2009 10:48:11 -0800 From: Julian Elischer User-Agent: Thunderbird 2.0.0.23 (Macintosh/20090812) MIME-Version: 1.0 To: Xin LI References: In-Reply-To: Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit Cc: freebsd-net@freebsd.org, FreeBSD Stable Subject: Re: Routing question (GRE packet vs normal traceroute)? X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 24 Dec 2009 18:59:28 -0000 Xin LI wrote: > Hi, > > A friend of mine has encountered some problem in his setup which > consists a pair of GRE peer, one running on OpenBSD and another > running FreeBSD 7.2-RELEASE; with 7.2-STABLE, there is no improvement > over the situation. The problem we have observed seems to be related > to GRE packet not being routed as observed, here is some details: > > - The FreeBSD box has one network interface connected to two (2) > upstream network, with different IP and does not belong to the same > subnet, say, one is 1.2.3.4/24 and another is 5.6.7.8/24 > - The default gateway can be reached through the first IP address > bound to the network interface; > - An explicit route has been configured to the OpenBSD host, the > gateway being used can be reached directly via the secondary (aliased > 5.6.7.8/24) IP. > - Both the default gateway and the explicit host route can reach the > OpenBSD route. > > The problem they had is, while traceroute to the OpenBSD host can give > the desired result, however, packets that is supposed to be > transferred through the GRE tunnel, while they will be encapsulated > into a GRE packet, the GRE packet itself won't go to the explicit host > route, but end up going to the default gateway. > > The friend has configured his switch to "bounce" the packet back to > the server by configuring a host route on L3 switch, and it seems that > the FreeBSD box is able to route the GRE packet to its desired gateway > this time. > > Any suggestions? there is a hack in the GRE code "that you can turn off" where the GRE envelope is looking up the address of the peer *WITH THE LAST BIT SWITCHED* try adding a route to the address of the openBSD host with /31 (not 32) I forget how to turn it off but th man page says. there IS a good reason for it if you want packets for the OpenBSD host itself to go through the tunnel.. Then you need to not use that address itself or you get a routing loop. > > Cheers,