From: Stephen Clark
Date: Fri, 14 Nov 2008 09:31:24 -0500
To: FreeBSD Stable
Subject: FreeBSD 6.3 ipsec and traceroute doesn't work as good as Linux -why?

10.0.129.1 FreeBSD workstation
    ^
    |
    | ethernet
    |
    v
10.0.128.1 Freebsd FW "A"
    ^
    |
    | ipsec
    |
    v
192.168.2.1 Linux FW "B"
    ^
    |
    | ethernet
    |
    v
192.168.2.20 linux workstation

from 192.168.2.20 Linux<->ipsec<->FreeBSD

traceroute -I 10.0.129.1
traceroute to 10.0.129.1 (10.0.129.1), 30 hops max, 60 byte packets
 1  192.168.2.1 (192.168.2.1)  0.434 ms  0.425 ms  0.423 ms
 2  * * *
 3  sclark (10.0.129.1)  42.418 ms  42.419 ms  42.727 ms

traceroute -I 10.0.128.1
traceroute to 10.0.128.1 (10.0.128.1), 30 hops max, 60 byte packets
 1  192.168.2.1 (192.168.2.1)  0.398 ms  0.504 ms  0.505 ms
 2  10.0.128.1 (10.0.128.1)  36.066 ms  36.052 ms  37.800 ms

traceroute 10.0.129.1
traceroute to 10.0.129.1 (10.0.129.1), 30 hops max, 60 byte packets
 1  192.168.2.1 (192.168.2.1)  0.484 ms  0.464 ms  0.447 ms
 2  * * *
 3  sclark (10.0.129.1)  41.406 ms  41.391 ms  47.812 ms

traceroute 10.0.128.1
traceroute to 10.0.128.1 (10.0.128.1), 30 hops max, 60 byte packets
 1  (192.168.2.1)  0.473 ms  0.444 ms  0.427 ms
 2  * * *
 3  * * *
 4  * * *
 5  * * *
 6  * * *
 7  * * *
 8  * * *
 9  * * *
10  * * *
11  * * *
12  * *^C

from 10.0.129.1 FreeBSD<->ipsec<->Linux

sudo traceroute 192.168.2.20
traceroute to 192.168.2.20 (192.168.2.20), 64 hops max, 40 byte packets
 1  HQFirewallRS.com (10.0.128.1)  0.761 ms  2.551 ms  4.017 ms
 2  * * *
 3  192.168.2.20 (192.168.2.20)  19.956 ms  27.425 ms  27.487 ms

sclark:~ $ sudo traceroute 192.168.2.1
traceroute to 192.168.2.1 (192.168.2.1), 64 hops max, 40 byte packets
 1  HQFirewallRS.com (10.0.128.1)  8.069 ms  2.952 ms  4.050 ms
 2  home (192.168.2.1)  26.338 ms  22.132 ms  24.233 ms

sclark:~ $ sudo traceroute -I 192.168.2.20
traceroute to 192.168.2.20 (192.168.2.20), 64 hops max, 60 byte packets
 1  HQFirewallRS.com (10.0.128.1)  0.714 ms  0.806 ms  0.221 ms
 2  home (192.168.2.1)  25.260 ms  25.312 ms  25.868 ms
 3  192.168.2.20 (192.168.2.20)  36.477 ms  24.828 ms  24.903 ms

sclark:~ $ sudo traceroute -I 192.168.2.1
traceroute to 192.168.2.1 (192.168.2.1), 64 hops max, 60 byte packets
 1  HQFirewallRS.com (10.0.128.1)  2.219 ms  1.889 ms  4.491 ms
 2  home (192.168.2.1)  26.172 ms  25.706 ms  24.981 ms

tracerouting to Linux never just gives a * * *, * * *, * * *, etc

-- 
"They that give up essential liberty to obtain temporary safety,
deserve neither liberty nor safety." (Ben Franklin)

"The course of history shows that as a government grows, liberty
decreases." (Thomas Jefferson)