FreeBSD 6.3 gre and traceroute
Stephen Clark
sclark46 at earthlink.net
Thu Nov 13 04:48:58 PST 2008
Julian Elischer wrote:
> Stephen Clark wrote:
>> Julian Elischer wrote:
>
>>> you will need to define the setup and question better.
>
> thanks.. cleaning it up a bit more...
>
> 10.0.129.1 FreeBSD workstation
> ^
> |
> | ethernet
> |
> v
> 10.0.128.1 Freebsd FW "A"
> ^
> |
> | gre / ipsec
> |
> v
> 192.168.3.1 FreeBSD FW "B"
> ^
> |
> | ethernet
> |
> v
> 192.168.3.86 linux workstation
>
>> $ sudo traceroute 192.168.3.86
>> traceroute to 192.168.3.86 (192.168.3.86), 64 hops max, 40 byte packets
>> 1 HQFirewallRS.com (10.0.128.1) 0.575 ms 0.423 ms 0.173 ms
>> 2 * * *
>> 3 192.168.3.86 (192.168.3.86) 47.972 ms 45.174 ms 49.968 ms
>>
>> No response from the FreeBSD "B" box.
>>
>> When I do a tcpdump on "B" of the gre interface I see UDP packets
>> with a TTL of 1 but no ICMP response packets being sent back.
>
>>
>> If I do the traceroute from the linux workstation 192.168.3.86 I get
>> similar results - I don't see a response from the FreeBSD "A" box.
>
> could you try using just GRE encasulation?
> (i.e. turn off IPSEC for now)
>
> I think that is much more likely to be where the problem is..
>
>
I'll have to set this up to test it.
What code in the FreeBSD kernel is responsible for generating the response ICMP
dest unreachable message?
--
"They that give up essential liberty to obtain temporary safety,
deserve neither liberty nor safety." (Ben Franklin)
"The course of history shows that as a government grows, liberty
decreases." (Thomas Jefferson)
More information about the freebsd-net
mailing list