IP packets with source address of

jadz at toybox.fyremoon.net
Wed Feb 9 23:57:19 PST 2005


I've got a bit of a weird one I've not figured out yet, so thought I'd
come see if you guys can help.  I've just added a new box to an existing
tinc vpn.  The vpn consists of some debian Linux and freebsd 5.2 and 5.3
boxes.  All boxes are running tinc 1.0.2.

The box I've just added is the first and only fbsd 5.3 box on the vpn.  
tinc on the fbsd5.3 box seems to happily connect to the vpn, but
connections to the other systems on the vpn cannot be initiated from it.  
The reason seems to be that the packets coming from the box over the vpn
have a source address of  That's clearly why no packets get
returned by the other vpn sites.

The if_tap device on the fbsd 5.3 box seems to be configured fine:

        inet6 fe80::2bd:fff:fe33:100%tap0 prefixlen 64 scopeid 0x4 
        inet netmask 0xffffff00 broadcast
        ether 00:bd:0f:33:01:00
        Opened by PID 3174

I've had a quick look at the routing table and everything is fine there.  
Using tcpdump on one of the other vpn sites confirms the packets are 
getting to it, so they are being routed over the vpn correctly:

# tcpdump -i tap0 
tcpdump: listening on tap0
08:44:24.847529 > icmp: echo request
08:44:25.803251 > icmp: echo request
08:44:26.818328 > icmp: echo request
08:44:27.822987 > icmp: echo request
08:44:28.841233 > icmp: echo request

5 packets received by filter
0 packets dropped by kernel

In the above example you can see ping packets arriving over the vpn from 
the fbsd 5.3 box.  The destination address is good, but the source address 
is, which is the problem.

I've done some googling to no joy, so I'm hoping someone out there has 
some ideas.

Hope you guys can help.

More information about the freebsd-questions mailing list