tcp/ip stack sending icmp "ttl exceeded in traffic" back through gre \w ipsec-esp encryption tunnels.

Andrei Manescu - Ivorde andrei.manescu at ivorde.ro
Mon Mar 21 17:01:06 UTC 2011
Hello,

I was following up on this old thread, "ICMP Error transmission/response over IPSec tunnels" [1], as I'm running into a similar issue on 7.4-STABLE:

Problem: RouterA and RouterB in the following diagram are FreeBSD 6.4-STABLE and 7.4-STABLE running a gre tunnel and ipsec transport mode encryption on top of it.

None of them sends an icmp error "TTL Exceeded in traffic" when the TTL of the packet reaches 0 after they decrement it. Code:

hostA----RouterA--GRE-inside-IPSEC/ESP/transport---RouterB---hostB

Packets sent from hostA to hostB with a TTL of 2 that should have an ICMP "TTL exceeded in traffic" returned by RouterB have no effect.

Of course, TTL 3 packets are being returned by hostB through RouterB and back through the tunnel.

Any plans from tcp/ip stack developers regarding this behavior?


-- 
Regards,
Andrei Manescu
 

Links:
------
[1] http://groups.google.com/group/mailing.freebsd.net/browse_thread/thread/1e121c81e44c88b4/9927ce8abc6d7de9


More information about the freebsd-net mailing list