From owner-freebsd-net Tue May 23 7:24:11 2000 Delivered-To: freebsd-net@freebsd.org Received: from mail.snickers.org (snickers.org [216.126.90.2]) by hub.freebsd.org (Postfix) with ESMTP id 400C037B869 for ; Tue, 23 May 2000 07:24:09 -0700 (PDT) (envelope-from josh@snickers.org) Received: by mail.snickers.org (Postfix, from userid 1037) id 743123D2A; Tue, 23 May 2000 10:24:07 -0400 (EDT) Date: Tue, 23 May 2000 10:24:07 -0400 From: Josh Tiefenbach To: Renaud Waldura Cc: freebsd-net@freebsd.org Subject: Re: PPP dropping IPSec packets? Message-ID: <20000523102407.A52508@zipperup.org> References: <200005222215.AAA26890@guppy.evolunet.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 1.0pre2i In-Reply-To: <200005222215.AAA26890@guppy.evolunet.com> Organization: Hah Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > I try to ping the remote end of the encrypted link, but the packets > never make it back to me. They do flow from tun1 to tun0 to eth0 > to the telco router to ... to the remote site, _which_replies_ > to my ICMP echo, but for some reason PPP drops the IPSec packets, > they never come back up to neither tun0 (tunnel interface opened > by ppp), nor to tun1 (tunnel opened by pipsecd). > > But they *do* make it back to the Ethernet interface, they're > just not transmitted back to the tunnel tun0. I had the *exact* same problem. You dont mention whether or not you are using NAT on your gateway box. I noticed that when I turned off ppp's NAT facility that the pipsecd tunnel automagically started to work. I havent had the chance to delve any further, but it would appear that either ppp or libalias has some problems trying to map ESP packets. josh -- "Just because we know the value of G won't make better cell phones" -- Jens Gundlach To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message