>Number:         174602
>Category:       misc
>Synopsis:       traceroute issue on gif tunnel with ipsec
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Dec 21 05:30:00 UTC 2012
>Closed-Date:
>Last-Modified:
>Originator:     hshh
>Release:        9.1-RELEASE
>Organization:
>Environment:
FreeBSD vpn 9.1-RELEASE FreeBSD 9.1-RELEASE #1 r244417: Wed Dec 19 14:35:14 CST 2012 root@vpn:/usr/obj/usr/src/sys/vpn amd64
>Description:
traceroute requests time out when going through an ipsec ipip tunnel.

network1(172.16.0.0/24)<->server1(172.16.0.254)<-gif->server2(10.0.0.254)<->network2(10.0.0.0/24)

Without ipsec, traceroute from one network to the other, everything is ok.

  1    <1 ms    <1 ms    <1 ms  172.16.0.254
  2   100 ms   100 ms   100 ms  10.0.0.254
  3   100 ms   100 ms   100 ms  10.0.0.1

With ipsec, the second hop shows request timed out.

  1    <1 ms    <1 ms    <1 ms  172.16.0.254
  2     *        *        *     Request timed out.
  3   100 ms   100 ms   100 ms  10.0.0.1

# ipsec.conf
# Security policies: require ESP transport mode for ipencap traffic between the two gif endpoints.
spdflush;
spdadd 172.16.0.254/32 10.0.0.254/32 ipencap -P out ipsec esp/transport//require;
spdadd 10.0.0.254/32 172.16.0.254/32 ipencap -P in ipsec esp/transport//require;
# Static security associations, one per direction.
flush;
add 172.16.0.254 10.0.0.254 esp 10001 -E blowfish-cbc "123456";
add 10.0.0.254 172.16.0.254 esp 10002 -E blowfish-cbc "123456";

This bug affects either transport or tunnel mode ipsec, and also traceroute6 in a 6in4 tunnel.
>How-To-Repeat:
Set up a gif tunnel with ipsec, and run traceroute/traceroute6.
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted: