Date: Sat, 17 Mar 2001 02:53:58 +0900 (JST)
From: Hajimu UMEMOTO
To: itojun@iijlab.net
Cc: jomor@ahpcns.com, mburgett@awen.com, freebsd-security@FreeBSD.ORG
Subject: Re: IPSEC tunnel without gif?

>>>>> On Fri, 16 Mar 2001 14:29:36 +0900
>>>>> itojun@iijlab.net said:

>> >The gateway that received the pings was transmitting ARP
>> >requests but strangely, it was trying to get the hardware
>> >address of the other tunnel endpoint rather than that of
>> >the router in the middle. Since the ARP requests were never
>> >answered, the ping response was never transmitted.

itojun> so you are seeing ARP for tunnel inner addresses?
itojun> http://www.kame.net/dev/cvsweb.cgi/kame/kame/sys/netinet6/ipsec.c.diff?r1=1.84&r2=1.85
itojun> should fix the above issue. not sure about freebsd merge status.

Since there seems to have been no feedback from the originator of KAME PR 233, I had suspended merging it from KAME. I just committed it.

http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/netinet6/ipsec.c.diff?r1=1.9&r2=1.10

--
Hajimu UMEMOTO @ Internet Mutual Aid Society Yokohama, Japan
ume@mahoroba.org  ume@bisd.hitachi.co.jp  ume@{,jp.}FreeBSD.org
http://www.imasy.org/~ume/