From owner-freebsd-hackers Sun Oct 28 19:22:48 2001
Delivered-To: freebsd-hackers@freebsd.org
Received: from falcon.prod.itd.earthlink.net (falcon.mail.pas.earthlink.net [207.217.120.74])
	by hub.freebsd.org (Postfix) with ESMTP id 13BD737B403
	for ; Sun, 28 Oct 2001 19:22:45 -0800 (PST)
Received: from dialup-209.245.135.21.dial1.sanjose1.level3.net ([209.245.135.21] helo=mindspring.com)
	by falcon.prod.itd.earthlink.net with esmtp (Exim 3.33 #1)
	id 15y30b-0007hS-00; Sun, 28 Oct 2001 19:22:41 -0800
Message-ID: <3BDCCBA6.C041CAC9@mindspring.com>
Date: Sun, 28 Oct 2001 19:23:18 -0800
From: Terry Lambert
Reply-To: tlambert2@mindspring.com
X-Mailer: Mozilla 4.7 [en]C-CCK-MCD {Sony} (Win98; U)
X-Accept-Language: en
MIME-Version: 1.0
To: Mike Silbersack
Cc: David Kirchner, freebsd-hackers@FreeBSD.ORG
Subject: Re: disabling dynamic route addition
References: <20011028180749.M96449-100000@achilles.silby.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk

Mike Silbersack wrote:
> > Also, if this happens again, what additional information could I grab so I
> > or others could (hopefully) successfully find the bug?
>
> Many dynamic route related changes have been made since 4.2, your bug may
> already be fixed.  You should invest time in transitioning to 4.4.

There's an interesting bug that appears to still be present in 4.4,
where if you create an IPSEC VPN, a ping to the other end of the
tunnel gets there, comes all the way back, but is dropped by the
local machine, if the default route is the machine hosting the
tunnel.

If you remove the default route, and add a static route to the
other end of the tunnel, pointing through the gateway host, there
is no problem.  Note that leaving a static route while having a
default route still fails.

The tcpdump on the pinging host sees the packet back, but the
network stack of the host does not.  Can't tell you if this is
a problem in the gateway host doing a rewrite when it shouldn't,
and the receiving host dropping it, or the receiving host being
too picky about the source of the next hop for the echo reply...

If you want reproduction directions, I might be able to wrangle
them out of someone, but you will need at least 4 machines to
run them.

-- Terry