[Bug 228108] if_ipsec drops all the icmp v4&v6 error messages

bugzilla-noreply at freebsd.org bugzilla-noreply at freebsd.org
Tue Jul 24 21:15:57 UTC 2018


https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=228108

dpd at dpdtech.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |dpd at dpdtech.com

--- Comment #9 from dpd at dpdtech.com ---
This change breaks ICMP ECHO (pings) to the receiving end of the peer-to-peer /30
of the IPsec tunnel between FreeBSD and Juniper JunOS on their SRX products.

To JunOS 12.x, this seems to block both ICMP and BGP packets to the other end
of the tunnel (being compared to 11.1-STABLE r331329), which works in this
setup.

To JunOS 17.x and an SRX, OSPF seems to work, but ICMP ECHO does not. (I don't
yet have BGP in this setup).

However, between 11.1-STABLE r331329 and 11.2-STABLE r335594, IPsec tunnels get
established, pings work, and BGP does establish.

In the case of 11.2 -> JunOS 17, the tunnels and OSPF did come up, and ICMP
does work routed across the tunnel, just not to the tunnel's termination point. 

I can't seem to explain it, and it is seemingly a little strange mix of OS and
hardware, but reverting this one line seemed to fix all the issues I had.
