From owner-freebsd-current@FreeBSD.ORG Mon May 2 16:26:45 2005 Return-Path: Delivered-To: freebsd-current@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A30CF16A4CE; Mon, 2 May 2005 16:26:45 +0000 (GMT) Received: from mail.sorbs.net (news.sorbs.net [203.15.51.62]) by mx1.FreeBSD.org (Postfix) with ESMTP id ADB5E43D7B; Mon, 2 May 2005 16:26:44 +0000 (GMT) (envelope-from matthew@uq.edu.au) Received: from [10.200.254.98] by nemesis.sorbs.net (iPlanet Messaging Server 5.2 HotFix 1.21 (built Sep 8 2003)) with ESMTPSA id <0IFV00B42F0IMZ@nemesis.sorbs.net>; Tue, 03 May 2005 02:26:42 +1000 (EST) Date: Tue, 03 May 2005 02:25:29 +1000 From: Matthew Sullivan In-reply-to: <42765153.3090409@freebsd.org> To: Andre Oppermann Message-id: <42765479.4000101@uq.edu.au> MIME-version: 1.0 Content-type: text/plain; charset=ISO-8859-1; format=flowed Content-transfer-encoding: 7BIT X-Accept-Language: en User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.5) Gecko/20041231 References: <20050424150211.GA87520@walton.maths.tcd.ie> <426BC78A.3E56D99B@freebsd.org> <426C1600.106@uq.edu.au> <426D2307.97D15253@freebsd.org> <426D306B.7010000@freebsd.org> <426E0F5C.3F157398@freebsd.org> <4272AF49.1090400@uq.edu.au> <42763D42.BB3B5416@freebsd.org> <427643E2.4070008@uq.edu.au> <42764884.8070704@freebsd.org> <42764EC4.7030403@uq.edu.au> <42765153.3090409@freebsd.org> cc: freebsd-current@freebsd.org Subject: Re: DF (Don't frag) issues X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 02 May 2005 16:26:45 -0000 Andre Oppermann wrote: > Matthew Sullivan wrote: > >> Andre Oppermann wrote: >> >>> Matthew Sullivan wrote: >>> >>>> Give me the switches you want on tcpdump and I'll be happy to >>>> provide the packets ;-) >>> >>> >>> This should do the trick: >>> >>> tcpdump -n -p -i fxp0 -s 128 -w dump >>> >> Ok this is what you have: >> >> root@scorpion:~# tcpdump -n -p -i fxp0 -s 128 -w pktdump not port 24 >> >> and it's at: http://scorpion.sorbs.net/ICMP/pktdump > > > Ok, this is the problem: > > MTU of next hop: 0 > > Have you installed my patch on the gateway machine too, or only on your > host? Patch is on both servers (the VPN server and the host the dump is from). > > MTU of next hop should not be zero under normal circumstances. It > indicates > a bug somewhere in the normal IP forwarding path. > > Is this the correct packet flow: > > ... --> dc0 --> gif0 --> IPSec --> fxp0 --> Internet --> ... > That is correct for the VPN server. ifconfig for the VPN server as follows: fxp0: flags=8843 mtu 1500 options=8 inet 203.101.254.252 netmask 0xffffff00 broadcast 203.101.254.255 inet6 fe80::290:27ff:fec2:4977%fxp0 prefixlen 64 scopeid 0x1 ether 00:90:27:c2:49:77 media: Ethernet autoselect (100baseTX ) status: active dc0: flags=108843 mtu 1500 options=8 inet 203.15.51.61 netmask 0xffffffe0 broadcast 203.15.51.63 inet6 fe80::2a0:cff:fec0:cc23%dc0 prefixlen 64 scopeid 0x2 ether 00:a0:0c:c0:cc:23 media: Ethernet autoselect (100baseTX ) status: active plip0: flags=108810 mtu 1500 lo0: flags=8049 mtu 16384 inet 127.0.0.1 netmask 0xff000000 inet6 ::1 prefixlen 128 inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4 gif0: flags=8051 mtu 1280 tunnel inet 203.101.254.252 --> 138.130.223.244 tunnel inet6 203.101.254.252 --> 138.130.223.244 inet 203.15.51.61 --> 192.168.1.2 netmask 0xffffff00 inet6 fe80::290:27ff:fec2:4977%gif0 prefixlen 64 scopeid 0x5 FreeBSD stealth.sorbs.net 6.0-CURRENT FreeBSD 6.0-CURRENT #1: Fri Apr 29 17:50:25 EST 2005 root@stealth.sorbs.net:/usr/obj/usr/src/sys/STEALTH i386 Regards, -- Matthew Sullivan Specialist Systems Programmer Information Technology Services The University of Queensland