[Bug 228108] if_ipsec drops all the icmp v4&v6 error messages

bugzilla-noreply at freebsd.org bugzilla-noreply at freebsd.org
Thu May 10 10:55:34 UTC 2018


https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=228108

            Bug ID: 228108
           Summary: if_ipsec drops all the icmp v4&v6 error messages
           Product: Base System
           Version: 11.1-RELEASE
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: kern
          Assignee: bugs at FreeBSD.org
          Reporter: bugs.freebsd.org at mx.zzux.com

Example:

interface               host1           host2
lan1            inet    192.168.232.239 192.168.232.244

ipsec2          tunnel  192.168.232.239 192.168.232.244
                inet    192.168.233.1   192.168.233.2

gif3            tunnel  192.168.233.1   192.168.233.2
                inet    192.168.233.11  192.168.233.12

ifconfig from host1
lan1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        description: LAN
        options=4c03ba<TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,VLAN_HWTSO,LINKSTATE,TXCSUM>
        ether 52:54:00:7b:04:83
        hwaddr 52:54:00:7b:04:83
        inet 192.168.232.239 netmask 0xffffffe0 broadcast 192.168.232.255
        nd6 options=9<PERFORMNUD,IFDISABLED>
        media: Ethernet 10Gbase-T <full-duplex>
        status: active
ipsec2: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
        tunnel inet 192.168.232.239 --> 192.168.232.244
        inet 192.168.233.1 --> 192.168.233.2  netmask 0xffffffff
        nd6 options=108<IFDISABLED,NO_DAD>
        reqid: 132
        groups: ipsec
gif3: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1480
        options=80000<LINKSTATE>
        tunnel inet 192.168.233.1 --> 192.168.233.2
        inet6 fe80::f7e8:fd66:5229:226d%gif3 prefixlen 64 scopeid 0x6
        inet 192.168.233.11 --> 192.168.233.12  netmask 0xffffffff
        nd6 options=100<NO_DAD>
        groups: gif


There is no firewall; only the GENERIC kernel is loaded.

On host2:
route -4 add -host 10.10.10.10 127.0.0.1 -reject


On host1:
route -4 add -host 10.10.10.10 192.168.232.244  (via LAN, icmp is OK)

ping -n -t 1 10.10.10.10
PING 10.10.10.10 (10.10.10.10): 56 data bytes
36 bytes from 192.168.232.244: Destination Host Unreachable
Vr HL TOS  Len   ID Flg  off TTL Pro  cks      Src      Dst
 4  5  00 0054 aabb   0 0000  3f  01 1342 192.168.232.239  10.10.10.10


--- 10.10.10.10 ping statistics ---
2 packets transmitted, 0 packets received, 100.0% packet loss




route -4 change -host 10.10.10.10 192.168.233.2  (via if_ipsec over LAN, icmp is BAD)

ping -n -t 1 10.10.10.10
PING 10.10.10.10 (10.10.10.10): 56 data bytes

--- 10.10.10.10 ping statistics ---
2 packets transmitted, 0 packets received, 100.0% packet loss




route -4 change -host 10.10.10.10 192.168.233.12  (via gif over if_ipsec, icmp is OK)

ping -n -t 1 10.10.10.10
PING 10.10.10.10 (10.10.10.10): 56 data bytes
36 bytes from 192.168.233.12: Destination Host Unreachable
Vr HL TOS  Len   ID Flg  off TTL Pro  cks      Src      Dst
 4  5  00 0054 aac3   0 0000  3f  01 131e 192.168.233.11  10.10.10.10


--- 10.10.10.10 ping statistics ---
2 packets transmitted, 0 packets received, 100.0% packet loss
