Fwd: Re: Strange FreeBSD behavior when trying to forward between ipsec crypted gif's. May be a problem with ICMP unreach packets at all
Vladimir Grigorov
vl.varlog at gmail.com
Fri Sep 17 08:19:59 UTC 2010
Greets all,
> If you take a look at icmp_error() in sys/netinet/ip_icmp.c you will see
> that icmp errors are not sent for packets that have previously been
> decrypted by IPSec.
Maybe there is some misunderstanding. I have gif and ipsec. The IPSEC mode is transport, which means traffic is encrypted only between the gif's
outer addresses. As a result, traffic in the gif is encrypted by encrypting the ipip container. But I can view traffic on the gif with tcpdump as on
regular interfaces. E.g. the gif's inner traffic is not processed by ipsec at all.