Date: Fri, 29 May 2015 04:19:24 +0300 From: "Andrey V. Elsukov" <ae@FreeBSD.org> To: Julian Kornberger <juliank@tzi.de>, "net@freebsd.org" <net@freebsd.org> Subject: Re: Crash with GRE und IPFW fwd Message-ID: <5567BE9C.3060203@FreeBSD.org> In-Reply-To: <5567BD3D.6050205@tzi.de> References: <5566565A.7030200@tzi.de> <55671F25.5070308@FreeBSD.org> <5567248B.1040207@tzi.de> <5567A65E.1040505@FreeBSD.org> <5567BD3D.6050205@tzi.de>
next in thread | previous in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --TFqMI9W7GOwgnveoCTPecoqfr1hO7MbTS Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: quoted-printable On 29.05.2015 04:13, Julian Kornberger wrote: > Am 29.05.2015 um 01:35 schrieb Andrey V. Elsukov: >> The actual panic occurs when ip_output() does RO_RTFREE() to cached >> route owned by gre(4). >> >> #7 0xffffffff80a58105 in ip_output (m=3D0xfffff800054bb000, >> opt=3D<value optimized out>, flags=3D<value optimized out>, >> imo=3D<value optimized out>, inp=3D0x0) >> at /usr/src/sys/netinet/ip_output.c:218 >> #8 0xffffffff81a15797 in gre_output (ifp=3D0xfffff80005a33000, >> m=3D<value optimized out>, dst=3D<value optimized out>, >> ro=3D<value optimized out>) >> at /usr/src/sys/modules/if_gre/../../net/if_gre.c:509 >> >> As I see you have two gre(4) tunnels: >> >> gre1: inet 10.9.0.9 --> 10.9.0.8 >> gre2: inet 10.9.0.11 --> 10.9.0.10 >> >> but which addresses do you use as tunnel endpoints? >=20 > I am running a VPN server with a single public address. > The local tunnel endpoints are private ip addresses: >=20 > gre1: 192.168.1.3/28 --> 5.9.77.235 (the vpn server address) > gre2: 192.168.1.19/28 --> 5.9.77.235 (the vpn server address) >=20 > Between my FreeBSD machine and the VPN server are NAT routers > (192.168.1.1 and 192.168.1.17). I also added a second public ip address= > to my VPN server to have different public endpoints but it crashes too.= >=20 > I need to use multiple tunnels to load-balance the VPN traffic. Did you try gre module from the 11.0-CURRENT? If it works for you, with stock module you can try to set link1 to both gre(4) interfaces. I think it will help. --=20 WBR, Andrey V. Elsukov --TFqMI9W7GOwgnveoCTPecoqfr1hO7MbTS Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQEcBAEBCAAGBQJVZ76cAAoJEAHF6gQQyKF6ljkH/Rv8Fi2Vc8Lx73GTFuUKH1Ee ieVazkRvoJRIHVu+EMRZAoxqqFow3St7ZzU4npDqMMLae+byxDDd+tsvl9QGJvcy Zh/zPfspALiipj3fjLyNkARqtE1YQoOj+02nlMWZbAyYbxwfcxt6S26l5mnE5QEP gwxnvFSUB4Z8n/TTHe/GUIYk9J+GPnQaf+MNvd+o7K6Y1qoBlOicACBMxwgv9Roc ddNj+lUDkdgEOo0UgbmcqFmufJdZTv1N4Goyt1cIoBZ4px1KCeuH30DRs1d5BU0z 1fWjIPm/0WR59N/dyH6J3hlUYWNV2FjE2w1IzrUumrqOiRWAO9Wz1s40cPAOMXk= =BZl7 -----END PGP SIGNATURE----- --TFqMI9W7GOwgnveoCTPecoqfr1hO7MbTS--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?5567BE9C.3060203>