FreeBSD ipsec tunnel mode packet lost
VANHULLEBUS Yvan
vanhu at FreeBSD.org
Wed Sep 30 12:08:38 UTC 2009
On Wed, Sep 30, 2009 at 01:16:47PM +0200, Zaidi, Abbas wrote:
> Hi
Hi.
> I am having this strange problem establishing tunnel between FreeBSD and
> linux, my network setup is
[the setup]
> Once the SAs get negotiated I send a ping request from FreeBSDe to
> Linuxe. The packets get an ipsec header applied at FreeBSDr reaches
> Linuxe a reply to packet comes back at Link1::e interface of FreeBSDr
> and then packet gets lost.
>
> I am not using gif. Do I need it?
Probably not.
> I don't think anything is wrong with ipsec as the seq of both in and
> out sa are incrementing on every echo request reply.
Please check output of "netstat -s" (mainly sections esp, ipsec6,
ip6), and see if some counters increase for each dropped packet.
[...]
> There is one strange thing about security policies as of linux in case
> of tunnel there are 3 policies added (in, out, fwd) whereas in FreeBSD
> it only shows 2 (in, out).
This is specific to Linux's IPsec stack implementation, just forget
anything related to "fwd".....
Yvan.
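
The counter check suggested in the reply above, as an added example that is not part of the original message: a shell function that compares two saved "netstat -s" snapshots and lists the counters that grew. The function name, file names and sample counter lines are assumptions made for this example.

```shell
#!/bin/sh
# Added example: list the counters that grew between two saved "netstat -s"
# snapshots. Real use, on the FreeBSD router:
#   netstat -s > before.txt; <send one ping that gets lost>; netstat -s > after.txt
#   changed_counters before.txt after.txt

changed_counters() {
    awk '
        # Section header: unindented line ending in ":" (for example "esp:").
        /^[^ \t].*:$/ { section = substr($0, 1, length($0) - 1); n = 0; next }
        # Counter line: indented number followed by its description.
        /^[ \t]+[0-9]+ / {
            value = $1 + 0
            desc = $0
            sub(/^[ \t]+[0-9]+ /, "", desc)
            # Key on position within the section, not on the text: the wording
            # can change with the value ("1 packet" versus "2 packets").
            key = section SUBSEP (++n)
            if (FILENAME == ARGV[1]) { before[key] = value; next }
            if ((key in before) && value > before[key])
                printf "%s: +%d %s\n", section, value - before[key], desc
        }
    ' "$1" "$2"
}

# Constructed sample snapshots (section names taken from the thread; the
# counter lines are illustrative, not real netstat output).
write_samples() {
    cat > "$1/before.txt" <<'EOF'
esp:
    10 packets in
    0 packets dropped
ipsec6:
    0 inbound packets violated policy
ip6:
    120 total packets received
EOF
    cat > "$1/after.txt" <<'EOF'
esp:
    11 packets in
    1 packet dropped
ipsec6:
    0 inbound packets violated policy
ip6:
    121 total packets received
EOF
}

dir=$(mktemp -d)
write_samples "$dir"
changed_counters "$dir/before.txt" "$dir/after.txt"
rm -rf "$dir"
```

Both snapshots must be taken with the same netstat options, since counters are matched by their position within each section.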
More information about the freebsd-net mailing list