Date: Wed, 19 Apr 2000 22:58:58 -0400
From: Josh Tiefenbach
To: freebsd-net@freebsd.org
Subject: PPPoE/ppp/pipsecd problem
Message-ID: <20000419225857.A47315@snickers.org>

I've been trying to get pipsecd from ports working between my machine (on a DSL link, and using ppp/PPPoE) and another machine on the 'net at large. So far I've been having some vexing problems.

I'm fairly confident that I've got pipsecd configured properly. Using the exact same configs, I've gotten the setup to work nicely both on my internal LAN (between 2 5.0-current machines) and between 2 hosts on the Internet. However, I can't seem to get pipsecd to work between my gateway machine and one of those Internet hosts.

At first I thought it might be my IPFilter rules blocking the proto ESP packets, but the problem is still evident after I flush all the firewall rules.

Diagram of network to make the following paragraph make sense:

    -------                                                  ---------
    | de0 -> tun0 <--------(Internet)------------------> de1         |
    |        1.2.3.4                                     5.6.7.8     |
    |                                                                |
    | tun1 <-----------(pipsecd virtual link)----------> tun0        |
    | 10.10.10.1                                         10.10.10.2  |
    -------                                                  ---------
    cerebus                                                    spike

tun0 on cerebus is controlled via ppp, and uses de0 as the transport for PPPoE.
tun1 on cerebus is controlled via pipsecd.
de1 on spike is a normal ethernet port.
tun0 on spike is controlled via pipsecd.

When I ping 10.10.10.2 from cerebus, a tcpdump -i tun0 shows a whole bunch of ESP packets leaving, but no replies coming back. A tcpdump -i de1 on spike shows a bunch of ESP packets coming in, and replies being sent out.

*However*, if I do a tcpdump -i de0 on cerebus, I notice that those ESP replies from spike are actually hitting de0 (inside the PPPoE encapsulation), but would appear to not be passed to ppp, as I don't see them appear on tun0.

A quick scan of both ppp and ng_pppoe doesn't reveal anything that suggests that either one of those entities can't handle incoming IPPROTO_ESP packets.

cerebus is:

    FreeBSD cerebus 5.0-CURRENT FreeBSD 5.0-CURRENT #9: Sun Apr 16 18:02:27 EDT 2000

make world done immediately after kernel.

Any suggestions from the floor? Brian? Julian?

josh

-- 
Give me rampant intellectualism as a coping strategy!
  -- Chuck Palahniuk in Invisible Monsters
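An added example, not part of the original post: a small Python decoder for the encapsulation the message describes on de0 (Ethernet, PPPoE session, PPP, IPv4, ESP). It returns the ESP SPI and sequence number so a frame seen on the Ethernet side can be matched against what does or does not appear on the tunnel side. The function names are hypothetical, and the sample frame is constructed: only the two addresses come from the diagram, while the MACs, session id, SPI and sequence number are made up.

```python
import socket
import struct

ETH_P_PPPOE_SESS = 0x8864   # Ethernet type for the PPPoE session stage (RFC 2516)
PPP_IPV4 = 0x0021           # PPP protocol number for IPv4
IPPROTO_ESP = 50

def esp_in_pppoe(frame: bytes):
    """Return (src, dst, spi, seq) for PPPoE session -> PPP -> IPv4 -> ESP, else None."""
    if len(frame) < 22 or struct.unpack("!H", frame[12:14])[0] != ETH_P_PPPOE_SESS:
        return None
    ver_type, code, _sid, length = struct.unpack("!BBHH", frame[14:20])
    if ver_type != 0x11 or code != 0x00:        # code 0 = session data
        return None
    ppp = frame[20:20 + length]                 # length field excludes Ethernet padding
    if len(ppp) < 2:
        return None
    # PPP protocol numbers end on an odd octet, so an odd first octet means
    # Protocol-Field-Compression shortened the field to one byte.
    if ppp[0] & 1:
        proto, ip = ppp[0], ppp[1:]
    else:
        proto, ip = struct.unpack("!H", ppp[:2])[0], ppp[2:]
    if proto != PPP_IPV4 or len(ip) < 20 or ip[0] >> 4 != 4:
        return None
    ihl = (ip[0] & 0x0F) * 4
    frag_off = struct.unpack("!H", ip[6:8])[0] & 0x1FFF
    if ihl < 20 or ip[9] != IPPROTO_ESP or frag_off or len(ip) < ihl + 8:
        return None                             # later fragments carry no ESP header
    spi, seq = struct.unpack("!II", ip[ihl:ihl + 8])
    return socket.inet_ntoa(ip[12:16]), socket.inet_ntoa(ip[16:20]), spi, seq

def sample_frame(proto=IPPROTO_ESP, pfc=False):
    """Constructed frame: a reply from 5.6.7.8 to 1.2.3.4; all other values are made up."""
    esp = struct.pack("!II", 0x1000, 7) + b"\x00" * 16      # SPI, sequence, dummy payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(esp), 0, 0, 64, proto, 0,
                     socket.inet_aton("5.6.7.8"), socket.inet_aton("1.2.3.4")) + esp
    ppp = (b"\x21" if pfc else b"\x00\x21") + ip
    eth = (b"\x02" + b"\x00" * 5 + b"\x02" + b"\x00" * 4 + b"\x01"
           + struct.pack("!H", ETH_P_PPPOE_SESS))
    # Four trailing zero bytes stand in for Ethernet padding after the PPPoE payload.
    return eth + struct.pack("!BBHH", 0x11, 0, 0x0001, len(ppp)) + ppp + b"\x00" * 4

if __name__ == "__main__":
    print(esp_in_pppoe(sample_frame()))
```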