From owner-freebsd-net@FreeBSD.ORG Wed Nov 12 21:17:07 2008 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 39410106564A for ; Wed, 12 Nov 2008 21:17:07 +0000 (UTC) (envelope-from prvs=julian=195c31f52@elischer.org) Received: from smtp-outbound.ironport.com (smtp-outbound.ironport.com [63.251.108.112]) by mx1.freebsd.org (Postfix) with ESMTP id 21CBD8FC16 for ; Wed, 12 Nov 2008 21:17:07 +0000 (UTC) (envelope-from prvs=julian=195c31f52@elischer.org) Received: from jelischer-laptop.sfo.ironport.com (HELO julian-mac.elischer.org) ([10.251.22.38]) by smtp-outbound.ironport.com with ESMTP; 12 Nov 2008 13:17:07 -0800 Message-ID: <491B47D2.6010804@elischer.org> Date: Wed, 12 Nov 2008 13:17:06 -0800 From: Julian Elischer User-Agent: Thunderbird 2.0.0.17 (Macintosh/20080914) MIME-Version: 1.0 To: sclark46@earthlink.net References: <491B2703.4080707@earthlink.net> <491B31F7.30200@elischer.org> <491B4345.80106@earthlink.net> In-Reply-To: <491B4345.80106@earthlink.net> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: freebsd-net@freebsd.org Subject: Re: FreeBSD 6.3 gre and traceroute X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 12 Nov 2008 21:17:07 -0000 Stephen Clark wrote: > Julian Elischer wrote: >> you will need to define the setup and question better. thanks.. cleaning it up a bit more... 10.0.129.1 FreeBSD workstation ^ | | ethernet | v 10.0.128.1 Freebsd FW "A" ^ | | gre / ipsec | v 192.168.3.1 FreeBSD FW "B" ^ | | ethernet | v 192.168.3.86 linux workstation > $ sudo traceroute 192.168.3.86 > traceroute to 192.168.3.86 (192.168.3.86), 64 hops max, 40 byte packets > 1 HQFirewallRS.com (10.0.128.1) 0.575 ms 0.423 ms 0.173 ms > 2 * * * > 3 192.168.3.86 (192.168.3.86) 47.972 ms 45.174 ms 49.968 ms > > No response from the FreeBSD "B" box. > > When I do a tcpdump on "B" of the gre interface I see UDP packets > with a TTL of 1 but no ICMP response packets being sent back. > > If I do the traceroute from the linux workstation 192.168.3.86 I get > similar results - I don't see a response from the FreeBSD "A" box. could you try using just GRE encasulation? (i.e. turn off IPSEC for now) I think that is much more likely to be where the problem is..