Date: Wed, 12 Nov 2008 16:36:56 -0500
From: Robert Noland <rnoland@FreeBSD.org>
To: Julian Elischer <julian@elischer.org>
Cc: sclark46@earthlink.net, freebsd-net@freebsd.org
Subject: Re: FreeBSD 6.3 gre and traceroute
Message-ID: <1226525816.61187.35.camel@squirrel.corp.cox.com>
In-Reply-To: <491B47D2.6010804@elischer.org>
References: <491B2703.4080707@earthlink.net> <491B31F7.30200@elischer.org> <491B4345.80106@earthlink.net> <491B47D2.6010804@elischer.org>

On Wed, 2008-11-12 at 13:17 -0800, Julian Elischer wrote:
> Stephen Clark wrote:
> > Julian Elischer wrote:
>
> >> you will need to define the setup and question better.
>
> thanks.. cleaning it up a bit more...
>
> 10.0.129.1 FreeBSD workstation
>     ^
>     |
>     | ethernet
>     |
>     v
> 10.0.128.1 Freebsd FW "A"
>     ^
>     |
>     | gre / ipsec
>     |
>     v
> 192.168.3.1 FreeBSD FW "B"
>     ^
>     |
>     | ethernet
>     |
>     v
> 192.168.3.86 linux workstation

How are you mapping packets onto the gre? If firewall B doesn't know how
to reach the FreeBSD workstation directly, you will see the issue that
you describe.

Can you ping 10.0.129.1 from Firewall B? The ttl expired will be
generated by Firewall B.

robert.

> > $ sudo traceroute 192.168.3.86
> > traceroute to 192.168.3.86 (192.168.3.86), 64 hops max, 40 byte packets
> > 1 HQFirewallRS.com (10.0.128.1) 0.575 ms 0.423 ms 0.173 ms
> > 2 * * *
> > 3 192.168.3.86 (192.168.3.86) 47.972 ms 45.174 ms 49.968 ms
> >
> > No response from the FreeBSD "B" box.
> >
> > When I do a tcpdump on "B" of the gre interface I see UDP packets
> > with a TTL of 1 but no ICMP response packets being sent back.
>
> >
> > If I do the traceroute from the linux workstation 192.168.3.86 I get
> > similar results - I don't see a response from the FreeBSD "A" box.
>
> could you try using just GRE encapsulation?
> (i.e. turn off IPSEC for now)
>
> I think that is much more likely to be where the problem is..