From: Greg 'groggy' Lehey
To: Marc Olzheim, Jeremie Le Hen
Cc: FreeBSD-net@FreeBSD.org
Date: Wed, 8 Jun 2005 08:42:18 +0930
Subject: Re: Problems with gif tunnels
Message-ID: <20050607231218.GD64194@wantadilla.lemis.com>

On Tuesday, 7 June 2005 at 11:48:48 +0200, Marc Olzheim wrote:
> On Tue, Jun 07, 2005 at 07:07:17PM +0930, Greg 'groggy' Lehey wrote:
>> I posted this message to the -questions list an hour or so ago.
>> Possibly it's of interest to people on this list.  Certainly the
>> problem is non-obvious, so even (as I suspect) if it's my fault, it
>> would be interesting to document the problem.
>
> The interface on the default route is rl0 instead of gif0...
> Could you try with -interface gif0 ?

On Tuesday, 7 June 2005 at 12:09:58 +0200, Jeremie Le Hen wrote:
> Hi Greg,
>
>>> Destination        Gateway            Flags    Refs      Use  Netif Expire
>>> default            150.101.14.9       UGS         0        7    rl0
>>> 150.101.14.8/30    link#2             UC          0        0    rl0
>>> 150.101.14.9       00:90:1a:40:09:98  UHLW        2        2    rl0    903
>>> 192.109.197        link#1             UC          0        0    xl0
>>> 192.109.197.135    00:10:4b:66:1e:e9  UHLW        0     6757    xl0   1056
>>> 192.109.197.137    00:50:da:cf:07:35  UHLW        0    99336    xl0   1188
>>> 192.109.197.255    ff:ff:ff:ff:ff:ff  UHLWb       0    34521    xl0
>>> 203.16.215.227     150.101.14.9       UGHS        1        4    rl0
>
> I guess you need a route to something like 192.83.231.0/24 through gif0.
> Try
>>>>
> route add -host 192.83.231.16 -interface gif0
>>>>

Well, this is the default interface, but yes, for outgoing traffic
this is obviously correct.  It also appears to work.

>
>>> I then get somebody from the other end to ping me:
>>>
>>> 17:49:10.228597 IP 203.16.215.227 > 150.101.14.10: IP 192.83.231.16 > 192.109.197.145: icmp 64: echo request seq 6908
>>> 17:49:11.229188 IP 203.16.215.227 > 150.101.14.10: IP 192.83.231.16 > 192.109.197.145: icmp 64: echo request seq 6909
>>>
>>> But that's all.  Nothing goes out.  I've tried this on different
>>> systems, and I know somebody else who is using what looks like an
>>> identical configuration with this ISP, and it works fine.  I've tried
>>> different systems, one and two NICs, 4.x and 5.x, all with the same
>>> (non)result.  What am I missing?
>
> It would be worth knowing if the ICMP packet goes out from your
> ``internal'' interface (xl0).

No, of course not.  It goes out from the other end (at the ISP).  It
comes in on the rl0 interface.

> In this case, you should also see the ICMP echo-reply.

I don't see any reply.  But that's not surprising, since the echo
packet doesn't get delivered.

To summarize again:

- rl0 is the external interface (-> DSL), IP 150.101.14.10.
- xl0 is the internal interface, IP 192.109.197.143.
- encapsulated packet comes in from 203.16.215.227 with data from IP
  192.83.231.16 for 192.109.197.145.  It should go out xl0.
- It doesn't.  No further indication of why not.

Greg
--
The virus contained in this message was not detected.
Finger grog@FreeBSD.org for PGP public key.
See complete headers for address and phone numbers.