FreeBSD 6.3 gre and traceroute

Stephen Clark sclark46 at earthlink.net
Thu Nov 13 04:46:24 PST 2008 

Robert Noland wrote:
> On Wed, 2008-11-12 at 13:17 -0800, Julian Elischer wrote:
>> Stephen Clark wrote:
>>> Julian Elischer wrote:
>>>> you will need to define the setup and question better.
>> thanks.. cleaning it up a bit more...
>>
>> 10.0.129.1 FreeBSD workstation
>>   ^
>>   |
>>   | ethernet
>>   |
>>   v
>> 10.0.128.1 Freebsd FW "A"
>>   ^
>>   |
>>   | gre / ipsec
>>   |
>>   v
>> 192.168.3.1 FreeBSD FW "B"
>>   ^
>>   |
>>   | ethernet
>>   |
>>   v
>> 192.168.3.86 linux workstation
> 
> How are you mapping packets onto the gre?  If firewall B doesn't know
> how to reach the FreeBSD workstation directly, you will see the issue
> that you describe.  Can you ping 10.0.129.1 from Firewall B?  The ttl
> expired will be generated by Firewall B.
ospf - I can ping 192.168.3.1 from the FreeBSD Workstation just fine in fact
all the systems can ping just fine.

> 
> robert.
> 
>>> $ sudo traceroute 192.168.3.86
>>> traceroute to 192.168.3.86 (192.168.3.86), 64 hops max, 40 byte packets
>>>  1  HQFirewallRS.com (10.0.128.1)  0.575 ms  0.423 ms  0.173 ms
>>>  2  * * *
>>>  3  192.168.3.86 (192.168.3.86)  47.972 ms  45.174 ms  49.968 ms
>>>
>>> No response from the FreeBSD "B" box.
>>>
>>> When I do a tcpdump on "B" of the gre interface I see UDP packets
>>> with a TTL of 1 but no ICMP response packets being sent back.
>>> If I do the traceroute from the linux workstation 192.168.3.86 I get
>>> similar results - I don't see a response from the FreeBSD "A" box.
>> could you try using just GRE encasulation?
>> (i.e. turn off IPSEC for now)
>>
>> I think that is much more likely to be where the problem is..
>>
>>
>> _______________________________________________
>> freebsd-net at freebsd.org mailing list
>> http://lists.freebsd.org/mailman/listinfo/freebsd-net
>> To unsubscribe, send any mail to "freebsd-net-unsubscribe at freebsd.org"


-- 

"They that give up essential liberty to obtain temporary safety,
deserve neither liberty nor safety."  (Ben Franklin)

"The course of history shows that as a government grows, liberty
decreases."  (Thomas Jefferson)

More information about the freebsd-net mailing list