From owner-freebsd-bugs@FreeBSD.ORG Fri Dec 21 05:30:00 2012
Message-Id: <201212210521.qBL5L3UF049011@red.freebsd.org>
Date: Fri, 21 Dec 2012 05:21:03 GMT
From: hshh
To: freebsd-gnats-submit@FreeBSD.org
Subject: misc/174602: traceroute issue on gif tunnel with ipsec
List-Id: Bug reports

>Number:         174602
>Category:       misc
>Synopsis:       traceroute issue on gif tunnel with ipsec
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Dec 21 05:30:00 UTC 2012
>Closed-Date:
>Last-Modified:
>Originator:     hshh
>Release:        9.1-RELEASE
>Organization:
>Environment:
FreeBSD vpn 9.1-RELEASE FreeBSD 9.1-RELEASE #1 r244417: Wed Dec 19 14:35:14 CST 2012 root@vpn:/usr/obj/usr/src/sys/vpn amd64
>Description:
Traceroute requests time out while going through an ipsec ipip tunnel.

network1(172.16.0.0/24)<->server1(172.16.0.254)<-gif->server2(10.0.0.254)<->network2(10.0.0.0/24)

Without ipsec, when running traceroute from one network to the other, everything is ok.

  1    <1 ms    <1 ms    <1 ms  172.16.0.254
  2   100 ms   100 ms   100 ms  10.0.0.254
  3   100 ms   100 ms   100 ms  10.0.0.1

With ipsec, the second hop shows request timed out.

  1    <1 ms    <1 ms    <1 ms  172.16.0.254
  2     *        *        *     Request timed out.
  3   100 ms   100 ms   100 ms  10.0.0.1

# ipsec.conf
spdflush;
spdadd 172.16.0.254/32 10.0.0.254/32 ipencap -P out ipsec esp/transport//require;
spdadd 10.0.0.254/32 172.16.0.254/32 ipencap -P in ipsec esp/transport//require;
flush;
add 172.16.0.254 10.0.0.254 esp 10001 -E blowfish-cbc "123456";
add 10.0.0.254 172.16.0.254 esp 10002 -E blowfish-cbc "123456";

This bug affects either transport or tunnel mode ipsec, and also occurs in a 6in4 tunnel with traceroute6.
>How-To-Repeat:
Set up a gif tunnel with ipsec, and run traceroute/traceroute6.
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted: