FreeBSD 6.3 ipsec and traceroute doesn't work as good as Linux -why?
Stephen Clark
sclark46 at earthlink.net
Fri Nov 14 06:31:29 PST 2008
10.0.129.1 FreeBSD workstation
^
|
| ethernet
|
v
10.0.128.1 FreeBSD FW "A"
^
|
| ipsec
|
v
192.168.2.1 Linux FW "B"
^
|
| ethernet
|
v
192.168.2.20 Linux workstation
from 192.168.2.20 Linux<->ipsec<->FreeBSD
traceroute -I 10.0.129.1
traceroute to 10.0.129.1 (10.0.129.1), 30 hops max, 60 byte packets
1 192.168.2.1 (192.168.2.1) 0.434 ms 0.425 ms 0.423 ms
2 * * *
3 sclark (10.0.129.1) 42.418 ms 42.419 ms 42.727 ms
traceroute -I 10.0.128.1
traceroute to 10.0.128.1 (10.0.128.1), 30 hops max, 60 byte packets
1 192.168.2.1 (192.168.2.1) 0.398 ms 0.504 ms 0.505 ms
2 10.0.128.1 (10.0.128.1) 36.066 ms 36.052 ms 37.800 ms
traceroute 10.0.129.1
traceroute to 10.0.129.1 (10.0.129.1), 30 hops max, 60 byte packets
1 192.168.2.1 (192.168.2.1) 0.484 ms 0.464 ms 0.447 ms
2 * * *
3 sclark (10.0.129.1) 41.406 ms 41.391 ms 47.812 ms
traceroute 10.0.128.1
traceroute to 10.0.128.1 (10.0.128.1), 30 hops max, 60 byte packets
1 (192.168.2.1) 0.473 ms 0.444 ms 0.427 ms
2 * * *
3 * * *
4 * * *
5 * * *
6 * * *
7 * * *
8 * * *
9 * * *
10 * * *
11 * * *
12 * *^C
from 10.0.129.1 FreeBSD<->ipsec<->Linux
sudo traceroute 192.168.2.20
traceroute to 192.168.2.20 (192.168.2.20), 64 hops max, 40 byte packets
1 HQFirewallRS.com (10.0.128.1) 0.761 ms 2.551 ms 4.017 ms
2 * * *
3 192.168.2.20 (192.168.2.20) 19.956 ms 27.425 ms 27.487 ms
sclark:~
$ sudo traceroute 192.168.2.1
traceroute to 192.168.2.1 (192.168.2.1), 64 hops max, 40 byte packets
1 HQFirewallRS.com (10.0.128.1) 8.069 ms 2.952 ms 4.050 ms
2 home (192.168.2.1) 26.338 ms 22.132 ms 24.233 ms
sclark:~
$ sudo traceroute -I 192.168.2.20
traceroute to 192.168.2.20 (192.168.2.20), 64 hops max, 60 byte packets
1 HQFirewallRS.com (10.0.128.1) 0.714 ms 0.806 ms 0.221 ms
2 home (192.168.2.1) 25.260 ms 25.312 ms 25.868 ms
3 192.168.2.20 (192.168.2.20) 36.477 ms 24.828 ms 24.903 ms
sclark:~
$ sudo traceroute -I 192.168.2.1
traceroute to 192.168.2.1 (192.168.2.1), 64 hops max, 60 byte packets
1 HQFirewallRS.com (10.0.128.1) 2.219 ms 1.889 ms 4.491 ms
2 home (192.168.2.1) 26.172 ms 25.706 ms 24.981 ms
Tracerouting to Linux never just gives a * * *, * * *, * * *, etc.
--
"They that give up essential liberty to obtain temporary safety,
deserve neither liberty nor safety." (Ben Franklin)
"The course of history shows that as a government grows, liberty
decreases." (Thomas Jefferson)