FreeBSD ipsec tunnel mode packet lost

Zaidi, Abbas Abbas_Zaidi at mentor.com
Wed Sep 30 11:48:41 UTC 2009


Hi

I am having this strange problem establishing a tunnel between FreeBSD and
Linux. My network setup is:

 

Link2:216:76ff:febd:618c ---------|Link2::e -o- Link1::e|--------------------|Link1::f -o- Link0::e|---------------Link0:212:17ff:fe5c:9466

FreeBSDe------------------------------|FreeBSDr|----------------------------------|Linuxr|-----------------------------------Linuxe

 

Where I want to establish a tunnel between FreeBSDr and Linuxe (that
would be Link1::e <==> Link0:212:17ff:fe5c:9466). I'm using racoon2 to
negotiate SAs dynamically.

Once the SAs get negotiated, I send a ping request from FreeBSDe to
Linuxe. The packets get an IPsec header applied at FreeBSDr and reach
Linuxe; a reply to the packet comes back at the Link1::e interface of
FreeBSDr, and then the packet gets lost.

 

I am not using gif. Do I need it?

I don't think anything is wrong with IPsec, as the seq of both the in and
out SAs is incrementing on every echo request/reply.

I am new to FreeBSD and not sure about the firewall, but I think it's not
running.

There is one strange thing about the security policies: on Linux, in the
case of a tunnel, there are 3 policies added (in, out, fwd), whereas
FreeBSD only shows 2 (in, out).

Ping without ipsec from FreeBSDe to Linuxe works perfectly fine, so I
assume routing tables are fine too. 

 

I have run out of options and do not understand what to do; any sort of
help will be highly appreciated.

 

Thanks,

 

Abbas Zaidi

Software Development Engineer

Embedded System Division

MentorGraphics Embedded
<http://www.mentor.com/products/embedded_software/> 

Office (+9242) 6099215 Cell (+92333) 4261781

    

 


