Problem with new source address selection

Frank Behrens frank at
Thu Nov 27 07:42:48 PST 2008


thanks for your fast answer.

Bjoern A. Zeeb <bzeeb-lists at> wrote on 27 Nov 2008 14:53:
> Yes I know that hack though I never actually used it with a loopback
> as the loopback case is *uhm* gross. You know you are telling the
> kernel to actually send the packets to yourself which so far has just
> worked more or less out of luck in my eyes.

IMHO here we see again the main problem of IPSEC. Suddenly packets 
disappear in kernel, are tunneled with ipsec and appear on other end. 
A gif-like device with routes instead of SPD entries would have some 

> So is your on any other interface but the lo2?
> Is it the only network on that interface or are there aliases?

For this machine the simplified setup is:
- an ethernet interface for private net with address 
and additional aliases for external addresses
- several tun devices with external and private addresses and routes
- lo0 as real loopback device with
- lo1 with private jail addresses

Now I want to tunnel between my and a foreign So I assigned to lo2 and created 
a static route.

> From the code down I take it that the connect(2) call happens outside
> any jail and not within a jail, right?

Yes, this is outside a jail. With jails I had no problems, every jail 
has currently one ipv4 and one ipv6 address.

> Let me answer those later; in case you cannot reveal your network
> setup in public; contact me offlist.

If desired I could send you the complete interface and routing table. 
But I believe you should be able to see the problem with my example 

Thanks for sour support,

Frank Behrens, Osterwieck, Germany
PGP-key 0x5B7C47ED on public servers available.

More information about the freebsd-net mailing list