[IPSEC] gre over ipsec failure..

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

HI, all

who have ever tested gre over ipsec with kernel 2.6 ipsec stack ?
i tried gre over ipsec with freeswan-snapshot(2003/10/01) supporting
kernel 2.6 ipsec.

but cant ping over gre tunnel.


my testing systems are ...

kernel 2.6.0-test6 and redhat 7.3

system A <--> B is same lan subnet ( different subnet test is same problem
)


system A real ip : 100.20.182.2
system A gre ip : 10.20.182.2

system B real ip : 100.20.182.6
system B gre ip : 10.20.182.6

when i ping from system B's REAL ip to system A's REAL ip, it works fine.

04:36:18.645594 211.232.182.6 > 211.232.182.2:
ESP(spi=0xdd6e7ea0,seq=0x1f7) (DF)
04:36:18.645666 211.232.182.2 > 211.232.182.6:
ESP(spi=0x30983a4e,seq=0x611)
04:36:19.655639 211.232.182.6 > 211.232.182.2:
ESP(spi=0xdd6e7ea0,seq=0x1f8) (DF)
04:36:19.655713 211.232.182.2 > 211.232.182.6:
ESP(spi=0x30983a4e,seq=0x612)
04:36:20.665687 211.232.182.6 > 211.232.182.2:
ESP(spi=0xdd6e7ea0,seq=0x1f9) (DF)
04:36:20.665766 211.232.182.2 > 211.232.182.6:
ESP(spi=0x30983a4e,seq=0x613)

when i ping from system B's GRE ip to system A's GRE ip, it failure ( A
dont reply )

eth0 tcpdump

04:38:13.280179 211.232.182.6 > 211.232.182.2:
ESP(spi=0xdd6e7ea0,seq=0x262) (DF)
04:38:14.280104 211.232.182.6 > 211.232.182.2:
ESP(spi=0xdd6e7ea0,seq=0x263) (DF)
04:38:15.280156 211.232.182.6 > 211.232.182.2:
ESP(spi=0xdd6e7ea0,seq=0x264) (DF)
04:38:16.280209 211.232.182.6 > 211.232.182.2:
ESP(spi=0xdd6e7ea0,seq=0x265) (DF)
04:38:17.280260 211.232.182.6 > 211.232.182.2:
ESP(spi=0xdd6e7ea0,seq=0x266) (DF)
04:38:18.280312 211.232.182.6 > 211.232.182.2:
ESP(spi=0xdd6e7ea0,seq=0x267) (DF)

gre1 tcpdump

04:40:42.285971 10.20.182.6 > 10.20.182.2: icmp: echo request (DF)
04:40:43.286029 10.20.182.6 > 10.20.182.2: icmp: echo request (DF)
04:40:44.286076 10.20.182.6 > 10.20.182.2: icmp: echo request (DF)
04:40:45.286128 10.20.182.6 > 10.20.182.2: icmp: echo request (DF)
04:40:46.286180 10.20.182.6 > 10.20.182.2: icmp: echo request (DF)
04:40:47.286232 10.20.182.6 > 10.20.182.2: icmp: echo request (DF)

any ideas ?

thanks in advance

Regards,
 minsuj

-
: send the line "unsubscribe linux-net" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
[Index of Archives]     [Netdev]     [Ethernet Bridging]     [Linux 802.1Q VLAN]     [Linux Wireless]     [Kernel Newbies]     [Security]     [Linux for Hams]     [Netfilter]     [Git]     [Bugtraq]     [Yosemite News and Information]     [MIPS Linux]     [ARM Linux]     [Linux RAID]     [Linux PCI]     [Linux Admin]     [Samba]

  Powered by Linux