ah_input: packet replay failure

Eugene M. Zheganin emz at norma.perm.ru
Fri Dec 3 13:00:22 UTC 2010


  Hi.

On 03.12.2010 01:58, Bjoern A. Zeeb wrote:
>>
>> FreeBSD A >======ipsec over gre===> FreeBSD B
> I'm using FreeBSD as a security gateway:
>
> What it means is that a packet with either an invalid sequence, a
> sequence lower than the last seen and outside the window, or a
> sequence seen already (lately) has arrived.
>
> Could it be that something is duplicating packets or that you have
> packet loss between A and B?  Given that you say that you are running
> IPsec on top of GRE (which sounds strange anyway) I'd monitor the
> outer tunnel endpoints independently to see what's going on.
Well, could you be more exact, please, about what you meant by saying
'strange'?
Probably my English isn't that good; I just tried to say that I use
ipsec to encrypt my gre tunnels.

Could this out-of-sequence thing be caused by traffic shaping, such
as pf ALTQing?
I just realised that this is the only link I have which has queueing
enabled.

Thanks.
Eugene.
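
The three rejection cases listed in the quoted reply, and how reordering on the path can trigger them, shown as an added example (not part of the original message and not FreeBSD's ah_input code): a sliding anti-replay window check in the style described for AH in RFC 4302. The window size, all names and the arrival order are assumptions constructed for illustration; sequence-number wraparound is not handled.

```c
#include <stdint.h>
#include <stdio.h>

#define WINDOW 32u /* assumed window size; the real value is a per-SA setting */

struct replay_state {
    uint32_t last;   /* highest sequence number accepted so far */
    uint32_t bitmap; /* bit i set: sequence (last - i) was already seen */
};

enum verdict { ACCEPT, REJ_ZERO, REJ_OLD, REJ_DUP };

/* Check one sequence number and, if accepted, record it. A real receiver
 * only updates the window after the packet's ICV has verified. */
enum verdict replay_check_update(struct replay_state *s, uint32_t seq)
{
    if (seq == 0)
        return REJ_ZERO;                 /* invalid sequence */
    if (seq > s->last) {                 /* new highest: slide the window */
        uint32_t shift = seq - s->last;
        s->bitmap = shift < WINDOW ? (s->bitmap << shift) | 1u : 1u;
        s->last = seq;
        return ACCEPT;
    }
    uint32_t diff = s->last - seq;
    if (diff >= WINDOW)
        return REJ_OLD;                  /* lower than last seen, outside window */
    if (s->bitmap & (1u << diff))
        return REJ_DUP;                  /* seen already */
    s->bitmap |= 1u << diff;             /* late but still inside the window */
    return ACCEPT;
}

int main(void)
{
    /* Constructed arrival order: 4 is slightly late, 5 is duplicated,
     * 6 and 8 were held back until after 40 had arrived, 9 is just in time. */
    static const uint32_t arrivals[] = { 1, 2, 3, 5, 4, 5, 40, 6, 8, 9 };
    static const char *names[] = { "accept", "reject: zero",
        "reject: outside window", "reject: duplicate" };
    struct replay_state s = { 0, 0 };
    for (size_t i = 0; i < sizeof arrivals / sizeof arrivals[0]; i++)
        printf("seq %2u -> %s\n", (unsigned)arrivals[i],
               names[replay_check_update(&s, arrivals[i])]);
    return 0;
}
```

A packet delayed by fewer positions than the window (4 after 5, or 9 after 40) is still accepted; only delays of a full window or more, or true duplicates, are rejected.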


