Date:      Mon, 21 Mar 2011 18:30:44 +0200
From:      Andrei Manescu - Ivorde <andrei.manescu@ivorde.ro>
To:        <freebsd-net@freebsd.org>
Subject:   tcp/ip stack sending icmp "ttl exceeded in traffic" back through gre \w ipsec-esp encryption tunnels.
Message-ID:  <cabf825bc3c602d1a1b638fa9aae35da@localhost>



Hello,

I was following up on this old thread "ICMP Error transmission/response
over IPSec tunnels [1]" as I'm running into a similar issue on 7.4-STABLE:

Problem: RouterA and RouterB in the following diagram are FreeBSD
6.4-STABLE and 7.4-STABLE running a gre tunnel and ipsec transport mode
encryption on top of it.

None of them send an icmp error "TTL Exceeded in traffic" when the TTL of
the packet reaches 0 after they decrement it.

Code:

hostA----RouterA--GRE-inside-IPSEC/ESP/transport---RouterB---hostB

Packets sent from hostA to hostB with a TTL2 that should have an ICMP "TTL
exceeded in traffic" returned by RouterB have no effect.

Of course, TTL3 packets are being returned by hostB through RouterB and
back through the tunnel.

Any plans from tcp/ip stack developers regarding this behavior?


-- 
Regards,
Andrei Manescu
 

Links:
------
[1] http://groups.google.com/group/mailing.freebsd.net/browse_thread/thread/1e121c81e44c88b4/9927ce8abc6d7de9


