Date: Wed, 30 Sep 2009 14:08:23 +0200
From: VANHULLEBUS Yvan <vanhu@FreeBSD.org>
To: "Zaidi, Abbas" <Abbas_Zaidi@mentor.com>
Cc: freebsd-net@freebsd.org, "Ansari, Fakhir" <Fakhir_Ansari@mentor.com>, "Khan, Fayyaz" <Fayyaz_Khan@mentor.com>
Subject: Re: FreeBSD ipsec tunnel mode packet lost
Message-ID: <20090930120822.GA73383@zeninc.net>
In-Reply-To: <A19AEE62D2942649A4C49BCD0878E421CB2CAD@eu2-mail.mgc.mentorg.com>
References: <A19AEE62D2942649A4C49BCD0878E421CB2CAD@eu2-mail.mgc.mentorg.com>

On Wed, Sep 30, 2009 at 01:16:47PM +0200, Zaidi, Abbas wrote:
> Hi

Hi.

> I am having this strange problem establishing tunnel between FreeBSD and
> linux, my network setup is

[the setup]

> Once the SAs get negotiated I send a ping request from FreeBSDe to
> Linuxe. The packets get an ipsec header applied at FreeBSDr reaches
> Linuxe a reply to packet comes back at Link1::e interface of FreeBSDr
> and then packet gets lost.
>
> I am not using gif. Do I need it?

Probably not.

> I don't think anything is wrong with ipsec as the seq of both in and
> out sa are incrementing on every echo request reply.

please check output of "netstat -s" (mainly sections esp, ipsec6, ip6),
and see if some counters increase for each dropped packet.

[...]

> There is one strange thing about security policies as of linux in case
> of tunnel there are 3 policies added (in, out, fwd) whereas in FreeBSD
> it only shows 2 (in, out).

This is specific to Linux's IPsec stack implementation, just forget
anything related to "fwd".....

Yvan.
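
One way to follow the "netstat -s" advice above, as an added example that is not part of the original message: save the output before and after a single ping and list only the counters that moved. The function names and both snapshots are constructed for illustration and are not real FreeBSD output.

```shell
#!/bin/sh
# counter_delta BEFORE AFTER
# Counters are matched by section and position, not by their text, because
# the wording can change with the value (singular/plural).
counter_delta() {
    awk '
    FNR == 1 { section = ""; idx = 0 }
    /^[^ \t].*:$/ { section = $0; idx = 0; next }      # "esp:", "ip6:", ...
    /^[ \t]+[0-9]+ / {                                   # "<count> <description>"
        key = section SUBSEP idx; idx++
        if (FNR == NR) { before[key] = $1; next }        # first file: remember
        if ((key in before) && $1 != before[key]) {
            desc = $0
            sub(/^[ \t]+[0-9]+ /, "", desc)
            printf "%s %+d %s\n", section, $1 - before[key], desc
        }
    }' "$1" "$2"
}

# demo: run counter_delta over two constructed snapshots (not real output).
demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/before" <<'EOF'
esp:
        0 packets shorter than header shows
        12 packets in
        12 packets out
ipsec6:
        0 inbound packets violated process security policy
ip6:
        40 total packets received
        1 packet not forwardable
EOF
    cat > "$dir/after" <<'EOF'
esp:
        0 packets shorter than header shows
        13 packets in
        13 packets out
ipsec6:
        1 inbound packet violated process security policy
ip6:
        42 total packets received
        1 packet not forwardable
EOF
    counter_delta "$dir/before" "$dir/after"
    rm -rf "$dir"
}

demo
```

On a live system the two files would come from `netstat -s > before`, one ping, then `netstat -s > after`; a drop counter that moves by one per lost packet is the one to look at.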