Julian Elischer wrote:
Stephen Clark wrote:
Julian Elischer wrote:
You will need to define the setup and question better.
Thanks.. cleaning it up a bit more...
10.0.129.1 FreeBSD workstation
^
|
| ethernet
|
v
10.0.128.1 FreeBSD FW "A"
^
|
| gre / ipsec
|
v
192.168.3.1 FreeBSD FW "B"
^
|
| ethernet
|
v
192.168.3.86 linux workstation
$ sudo traceroute 192.168.3.86
traceroute to 192.168.3.86 (192.168.3.86), 64 hops max, 40 byte packets
1 HQFirewallRS.com (10.0.128.1) 0.575 ms 0.423 ms 0.173 ms
2 * * *
3 192.168.3.86 (192.168.3.86) 47.972 ms 45.174 ms 49.968 ms
No response from the FreeBSD "B" box.
When I do a tcpdump on "B" of the gre interface I see UDP packets
with a TTL of 1 but no ICMP response packets being sent back.
If I do the traceroute from the Linux workstation 192.168.3.86 I get
similar results - I don't see a response from the FreeBSD "A" box.
Could you try using just GRE encapsulation?
(i.e. turn off IPSEC for now)
I think that is much more likely to be where the problem is.
I'll have to set this up to test it.
What code in the FreeBSD kernel is responsible for generating the response ICMP
dest unreachable message?
--
"They that give up essential liberty to obtain temporary safety,
deserve neither liberty nor safety." (Ben Franklin)
"The course of history shows that as a government grows, liberty
decreases." (Thomas Jefferson)