From: Stephen Clark
Date: Thu, 13 Nov 2008 07:48:53 -0500
To: Julian Elischer
Cc: freebsd-net@freebsd.org
Subject: Re: FreeBSD 6.3 gre and traceroute

Julian Elischer wrote:
> Stephen Clark wrote:
>> Julian Elischer wrote:
>
>>> you will need to define the setup and question better.
>
> thanks.. cleaning it up a bit more...
>
> 10.0.129.1 FreeBSD workstation
>     ^
>     |
>     | ethernet
>     |
>     v
> 10.0.128.1 Freebsd FW "A"
>     ^
>     |
>     | gre / ipsec
>     |
>     v
> 192.168.3.1 FreeBSD FW "B"
>     ^
>     |
>     | ethernet
>     |
>     v
> 192.168.3.86 linux workstation
>
>> $ sudo traceroute 192.168.3.86
>> traceroute to 192.168.3.86 (192.168.3.86), 64 hops max, 40 byte packets
>> 1 HQFirewallRS.com (10.0.128.1) 0.575 ms 0.423 ms 0.173 ms
>> 2 * * *
>> 3 192.168.3.86 (192.168.3.86) 47.972 ms 45.174 ms 49.968 ms
>>
>> No response from the FreeBSD "B" box.
>>
>> When I do a tcpdump on "B" of the gre interface I see UDP packets
>> with a TTL of 1 but no ICMP response packets being sent back.
>
>>
>> If I do the traceroute from the linux workstation 192.168.3.86 I get
>> similar results - I don't see a response from the FreeBSD "A" box.
>
> could you try using just GRE encapsulation?
> (i.e. turn off IPSEC for now)
>
> I think that is much more likely to be where the problem is..
>
> I'll have to set this up to test it.

What code in the FreeBSD kernel is responsible for generating the
response ICMP dest unreachable message?

--
"They that give up essential liberty to obtain temporary safety,
deserve neither liberty nor safety." (Ben Franklin)

"The course of history shows that as a government grows, liberty
decreases." (Thomas Jefferson)