Date:      Fri, 17 Sep 2010 12:18:57 +0400
From:      Vladimir Grigorov <vl.varlog@gmail.com>
To:        Tom Judge <tom@tomjudge.com>
Cc:        freebsd-net@freebsd.org
Subject:   Re: Fwd: Re: Strange FreeBSD behavior when trying to forward beetween ipsec crypted gif's. May be a problem with ICMP unreach packets at all
Message-ID:  <1307024327.20100917121857@gmail.com>
In-Reply-To: <4C923353.7090801@tomjudge.com>
References:  <4C923353.7090801@tomjudge.com>

greets all


> If you take a look at icmp_error() in sys/netinet/ip_icmp.c you will see
> that icmp errors are not sent for packets that have previously been
> decrypted by IPSec.

Maybe some misunderstanding has happened. I have gif and ipsec. The IPSEC mode
is transport, which means traffic is encrypted only between the gif's
outer addresses. As a result, traffic in the gif is encrypted by encrypting the
ipip container. But I can view traffic on the gif with tcpdump as on
regular interfaces. E.g. the gif's inner traffic is not processed by ipsec at all.



