Date: Sun, 28 Oct 2001 19:23:18 -0800 From: Terry Lambert <tlambert2@mindspring.com> To: Mike Silbersack <silby@silby.com> Cc: David Kirchner <davidk@accretivetg.com>, freebsd-hackers@FreeBSD.ORG Subject: Re: disabling dynamic route addition Message-ID: <3BDCCBA6.C041CAC9@mindspring.com> References: <20011028180749.M96449-100000@achilles.silby.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Mike Silbersack wrote: > > Also, if this happens again, what additional information could I grab so I > > or others could (hopefully) successfully find the bug? > > Many dynamic route related changes have been made since 4.2, your bug may > already be fixed. You should invest time in transitioning to 4.4. THere's an interesting bug that appears to still be present in 4.4, where if you create an IPSEC VPN, a ping to the other end of the tunnel gets there, comes all the way back, but is dropped by the local machine, if the dfefault route is the machine hosting the tunnel. If you remove the default route, and add a static route to the other end of the tunnel, pointing through the gateway host, there is no problem. Note that leaving a static route while having a default route still fails. The tcpdump on the pinging host sees the packet back, but the network stack of the host does not. Can't tell you if this is a problem in the gateway host doing a rewrite when it shouldn't, and the receiving host dropping it, or the receiving host being too picky about the source of the next hop for the echo reply... If you want reproduction direction, I might be able to wrangle them out of someone, but you will need at least 4 machines to run them. -- Terry To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3BDCCBA6.C041CAC9>