From owner-freebsd-net@FreeBSD.ORG Fri May 29 01:13:40 2015 Return-Path: Delivered-To: net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 3DDCBCE6; Fri, 29 May 2015 01:13:40 +0000 (UTC) (envelope-from juliank@tzi.de) Received: from mailhost.informatik.uni-bremen.de (mailhost.informatik.uni-bremen.de [IPv6:2001:638:708:30c9::12]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mailhost.informatik.uni-bremen.de", Issuer "Universitaet Bremen CA" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id C842114D1; Fri, 29 May 2015 01:13:39 +0000 (UTC) (envelope-from juliank@tzi.de) X-Virus-Scanned: amavisd-new at informatik.uni-bremen.de Received: from submithost.informatik.uni-bremen.de (submithost.informatik.uni-bremen.de [134.102.201.11]) by mailhost.informatik.uni-bremen.de (8.14.5/8.14.5) with ESMTP id t4T1DYwK003245; Fri, 29 May 2015 03:13:34 +0200 (CEST) Received: from [IPv6:2003:55:6b2b:d000:30d9:f279:82b0:be8e] (p200300556B2BD00030D9F27982B0BE8E.dip0.t-ipconnect.de [IPv6:2003:55:6b2b:d000:30d9:f279:82b0:be8e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by submithost.informatik.uni-bremen.de (Postfix) with ESMTPSA id 3lySZk3SfBz8y4K; Fri, 29 May 2015 03:13:34 +0200 (CEST) Message-ID: <5567BD3D.6050205@tzi.de> Date: Fri, 29 May 2015 03:13:33 +0200 From: Julian Kornberger User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.6.0 MIME-Version: 1.0 To: "Andrey V. Elsukov" , "net@freebsd.org" Subject: Re: Crash with GRE und IPFW fwd References: <5566565A.7030200@tzi.de> <55671F25.5070308@FreeBSD.org> <5567248B.1040207@tzi.de> <5567A65E.1040505@FreeBSD.org> In-Reply-To: <5567A65E.1040505@FreeBSD.org> Content-Type: text/plain; charset=windows-1252; format=flowed Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 29 May 2015 01:13:40 -0000 Am 29.05.2015 um 01:35 schrieb Andrey V. Elsukov: > The actual panic occurs when ip_output() does RO_RTFREE() to cached > route owned by gre(4). > > #7 0xffffffff80a58105 in ip_output (m=0xfffff800054bb000, > opt=, flags=, > imo=, inp=0x0) > at /usr/src/sys/netinet/ip_output.c:218 > #8 0xffffffff81a15797 in gre_output (ifp=0xfffff80005a33000, > m=, dst=, > ro=) > at /usr/src/sys/modules/if_gre/../../net/if_gre.c:509 > > As I see you have two gre(4) tunnels: > > gre1: inet 10.9.0.9 --> 10.9.0.8 > gre2: inet 10.9.0.11 --> 10.9.0.10 > > but which addresses do you use as tunnel endpoints? I am running a VPN server with a single public address. The local tunnel endpoints are private ip addresses: gre1: 192.168.1.3/28 --> 5.9.77.235 (the vpn server address) gre2: 192.168.1.19/28 --> 5.9.77.235 (the vpn server address) Between my FreeBSD machine and the VPN server are NAT routers (192.168.1.1 and 192.168.1.17). I also added a second public ip address to my VPN server to have different public endpoints but it crashes too. I need to use multiple tunnels to load-balance the VPN traffic. -- Julian