FreeBSD 6.3 gre and traceroute

Stephen Clark sclark46 at earthlink.net
Thu Nov 13 04:48:58 PST 2008


Julian Elischer wrote:
> Stephen Clark wrote:
>> Julian Elischer wrote:
> 
>>> you will need to define the setup and question better.
> 
> thanks.. cleaning it up a bit more...
> 
> 10.0.129.1 FreeBSD workstation
>  ^
>  |
>  | ethernet
>  |
>  v
> 10.0.128.1 FreeBSD FW "A"
>  ^
>  |
>  | gre / ipsec
>  |
>  v
> 192.168.3.1 FreeBSD FW "B"
>  ^
>  |
>  | ethernet
>  |
>  v
> 192.168.3.86 linux workstation
> 
>> $ sudo traceroute 192.168.3.86
>> traceroute to 192.168.3.86 (192.168.3.86), 64 hops max, 40 byte packets
>>  1  HQFirewallRS.com (10.0.128.1)  0.575 ms  0.423 ms  0.173 ms
>>  2  * * *
>>  3  192.168.3.86 (192.168.3.86)  47.972 ms  45.174 ms  49.968 ms
>>
>> No response from the FreeBSD "B" box.
>>
>> When I do a tcpdump on "B" of the gre interface I see UDP packets
>> with a TTL of 1 but no ICMP response packets being sent back.
> 
>>
>> If I do the traceroute from the linux workstation 192.168.3.86 I get
>> similar results - I don't see a response from the FreeBSD "A" box.
> 
> could you try using just GRE encapsulation?
> (i.e. turn off IPSEC for now)
> 
> I think that is much more likely to be where the problem is..
> 
> 
I'll have to set this up to test it.

What code in the FreeBSD kernel is responsible for generating the response ICMP 
dest unreachable message?

-- 

"They that give up essential liberty to obtain temporary safety,
deserve neither liberty nor safety."  (Ben Franklin)

"The course of history shows that as a government grows, liberty
decreases."  (Thomas Jefferson)



