FreeBSD 6.3 ipsec and traceroute doesn't work as well as Linux - why?

Stephen Clark sclark46 at earthlink.net
Fri Nov 14 06:31:29 PST 2008


  10.0.129.1 FreeBSD workstation
   ^
   |
   | ethernet
   |
   v
  10.0.128.1 FreeBSD FW "A"
   ^
   |
   | ipsec
   |
   v
  192.168.2.1 Linux FW "B"
   ^
   |
   | ethernet
   |
   v
192.168.2.20 linux workstation

from 192.168.2.20 Linux<->ipsec<->FreeBSD

traceroute -I 10.0.129.1
traceroute to 10.0.129.1 (10.0.129.1), 30 hops max, 60 byte packets
  1  192.168.2.1 (192.168.2.1)  0.434 ms  0.425 ms  0.423 ms
  2  * * *
  3  sclark (10.0.129.1)  42.418 ms  42.419 ms  42.727 ms

traceroute -I 10.0.128.1
traceroute to 10.0.128.1 (10.0.128.1), 30 hops max, 60 byte packets
  1  192.168.2.1 (192.168.2.1)  0.398 ms  0.504 ms  0.505 ms
  2  10.0.128.1 (10.0.128.1)  36.066 ms  36.052 ms  37.800 ms

traceroute 10.0.129.1
traceroute to 10.0.129.1 (10.0.129.1), 30 hops max, 60 byte packets
  1  192.168.2.1 (192.168.2.1)  0.484 ms  0.464 ms  0.447 ms
  2  * * *
  3  sclark (10.0.129.1)  41.406 ms  41.391 ms  47.812 ms

traceroute 10.0.128.1
traceroute to 10.0.128.1 (10.0.128.1), 30 hops max, 60 byte packets
  1   (192.168.2.1)  0.473 ms  0.444 ms  0.427 ms
  2  * * *
  3  * * *
  4  * * *
  5  * * *
  6  * * *
  7  * * *
  8  * * *
  9  * * *
10  * * *
11  * * *
12  * *^C



from 10.0.129.1 FreeBSD<->ipsec<->Linux
sudo traceroute 192.168.2.20
traceroute to 192.168.2.20 (192.168.2.20), 64 hops max, 40 byte packets
  1  HQFirewallRS.com (10.0.128.1)  0.761 ms  2.551 ms  4.017 ms
  2  * * *
  3  192.168.2.20 (192.168.2.20)  19.956 ms  27.425 ms  27.487 ms

sclark:~
$ sudo traceroute 192.168.2.1
traceroute to 192.168.2.1 (192.168.2.1), 64 hops max, 40 byte packets
  1  HQFirewallRS.com (10.0.128.1)  8.069 ms  2.952 ms  4.050 ms
  2  home (192.168.2.1)  26.338 ms  22.132 ms  24.233 ms

sclark:~
$ sudo traceroute -I 192.168.2.20
traceroute to 192.168.2.20 (192.168.2.20), 64 hops max, 60 byte packets
  1  HQFirewallRS.com (10.0.128.1)  0.714 ms  0.806 ms  0.221 ms
  2  home (192.168.2.1)  25.260 ms  25.312 ms  25.868 ms
  3  192.168.2.20 (192.168.2.20)  36.477 ms  24.828 ms  24.903 ms

sclark:~
$ sudo traceroute -I 192.168.2.1
traceroute to 192.168.2.1 (192.168.2.1), 64 hops max, 60 byte packets
  1  HQFirewallRS.com (10.0.128.1)  2.219 ms  1.889 ms  4.491 ms
  2  home (192.168.2.1)  26.172 ms  25.706 ms  24.981 ms

Tracerouting to Linux never just gives a * * *, * * *, * * *, etc.

-- 

"They that give up essential liberty to obtain temporary safety,
deserve neither liberty nor safety."  (Ben Franklin)

"The course of history shows that as a government grows, liberty
decreases."  (Thomas Jefferson)




