FreeBSD 6.3 gre and traceroute
sclark46 at earthlink.net
Thu Nov 13 04:46:24 PST 2008
Robert Noland wrote:
> On Wed, 2008-11-12 at 13:17 -0800, Julian Elischer wrote:
>> Stephen Clark wrote:
>>> Julian Elischer wrote:
>>>> you will need to define the setup and question better.
>> thanks.. cleaning it up a bit more...
>> 10.0.129.1 FreeBSD workstation
>> | ethernet
>> 10.0.128.1 FreeBSD FW "A"
>> | gre / ipsec
>> 192.168.3.1 FreeBSD FW "B"
>> | ethernet
>> 192.168.3.86 linux workstation
> How are you mapping packets onto the gre? If firewall B doesn't know
> how to reach the FreeBSD workstation directly, you will see the issue
> that you describe. Can you ping 10.0.129.1 from Firewall B? The ttl
> expired will be generated by Firewall B.
OSPF - I can ping 192.168.3.1 from the FreeBSD workstation just fine; in fact,
all the systems can ping just fine.
>>> $ sudo traceroute 192.168.3.86
>>> traceroute to 192.168.3.86 (192.168.3.86), 64 hops max, 40 byte packets
>>> 1 HQFirewallRS.com (10.0.128.1) 0.575 ms 0.423 ms 0.173 ms
>>> 2 * * *
>>> 3 192.168.3.86 (192.168.3.86) 47.972 ms 45.174 ms 49.968 ms
>>> No response from the FreeBSD "B" box.
>>> When I do a tcpdump on "B" of the gre interface I see UDP packets
>>> with a TTL of 1 but no ICMP response packets being sent back.
>>> If I do the traceroute from the linux workstation 192.168.3.86 I get
>>> similar results - I don't see a response from the FreeBSD "A" box.
>> could you try using just GRE encapsulation?
>> (i.e. turn off IPSEC for now)
>> I think that is much more likely to be where the problem is..
"They that give up essential liberty to obtain temporary safety,
deserve neither liberty nor safety." (Ben Franklin)
"The course of history shows that as a government grows, liberty
decreases." (Thomas Jefferson)