Date: Wed, 30 Sep 2009 13:16:47 +0200
From: "Zaidi, Abbas" <Abbas_Zaidi@mentor.com>
To: <freebsd-net@freebsd.org>
Cc: "Ansari, Fakhir" <Fakhir_Ansari@mentor.com>, "Khan, Fayyaz" <Fayyaz_Khan@mentor.com>
Subject: FreeBSD ipsec tunnel mode packet lost
Message-ID: <A19AEE62D2942649A4C49BCD0878E421CB2CAD@eu2-mail.mgc.mentorg.com>

Hi

I am having this strange problem establishing a tunnel between FreeBSD and Linux. My network setup is:

Link2:216:76ff:febd:618c ---------|Link2::e -o- Link1::e|--------------------|Link1::f -o- Link0::e|---------------Link0:212:17ff:fe5c:9466
FreeBSDe------------------------------|FreeBSDr|----------------------------------|Linuxr|-----------------------------------Linuxe

Where I want to establish a tunnel between FreeBSDr and Linuxe (that would be Link1::e <==> Link0:212:17ff:fe5c:9466). I'm using racoon2 to negotiate SAs dynamically.

Once the SAs get negotiated I send a ping request from FreeBSDe to Linuxe. The packets get an ipsec header applied at FreeBSDr and reach Linuxe; a reply to the packet comes back at the Link1::e interface of FreeBSDr, and then the packet gets lost.

I am not using gif. Do I need it? I don't think anything is wrong with ipsec, as the seq of both in and out SA are incrementing on every echo request/reply. I am new to FreeBSD and not sure about the firewall, but I think it's not running. There is one strange thing about security policies: on Linux, in case of a tunnel, there are 3 policies added (in, out, fwd), whereas FreeBSD only shows 2 (in, out). Ping without ipsec from FreeBSDe to Linuxe works perfectly fine, so I assume routing tables are fine too.

I have run out of options and do not understand what to do; any sort of help will be highly appreciated.

Thanks,

Abbas Zaidi
Software Development Engineer
Embedded System Division
MentorGraphics Embedded <http://www.mentor.com/products/embedded_software/>
Office (+9242) 6099215
Cell (+92333) 4261781