Re: gre tunnel problem

To: netbsd-users%NetBSD.org@localhost
Subject: Re: gre tunnel problem
From: Harry Waddell <waddell%caravaninfotech.com@localhost>
Date: Mon, 31 Oct 2011 14:44:30 -0700

> On Wed, Oct 26, 2011 at 08:44:50PM -0500, David Young wrote:
> > On Wed, Oct 26, 2011 at 04:02:15PM -0700, Harry Waddell wrote:
> > > 
> > > I'm trying to emulate a cisco's behavior when creating an IPSEC +
> > > GRE tunnel to a fortigate device. IPSEC is working fine with
> > > racoon, but I can't quite figure out how to get the gre device on
> > > the netbsd device configured in such a way that the fortigate
> > > will route packets back over the tunnel. That's context -- the
> > > issue is seems to be failing to setup the gre device properly
> > 
> > What version of NetBSD are you using?
> > 
> > I can reproduce aspects of the problem on -current, so I am going
> > to try to fix it there.
> 
> BTW, what NIC are you using?  One of my GRE peers has a wm(4), and the
> other has a bnx(4).  The wm(4) had all of the offload options enabled.
> 
> I have discovered that wm(4)'s IPv4 checksum offload (ifconfig wm0
> ip4csum) interferes with IPv6 transmission through gre(4).  I realize
> that IPv6 is not your problem, but it does make me wonder whether more
> offload problems lurk.
> 
> BTW, when I enabled IPv4 checksum offload on the bnx(4) interface,
> gre(4) continued to work.  Perhaps the bug is in wm(4).
> 
> I will continue to investigate.

I've only tested it with wm(4) devices. hardware chksum was not enabled. 

wm1: flags=8b43<UP,BROADCAST,RUNNING,PROMISC,ALLMULTI,SIMPLEX,MULTICAST> mtu 
1500
        
capabilities=7ff80<TSO4,IP4CSUM_Rx,IP4CSUM_Tx,TCP4CSUM_Rx,TCP4CSUM_Tx,UDP4CSUM_Rx,UDP4CSUM_Tx,TCP6CSUM_Rx,TCP6CSUM_Tx,UDP6CSUM_Rx,UDP6CSUM_Tx,TSO6>
        enabled=0
        address: 00:25:90:09:c1:29
        media: Ethernet autoselect (100baseTX 
full-duplex,flowcontrol,rxpause,txpause)
        status: active
        inet x.x.x.x netmask 0xfffffff8 broadcast y.y.y.y

Thanks again. 

BTW, as for IPv6, I've got a big customer where I've deployed a lot of netbsd 
stuff as infrastructure and any day now I fully expect them to go from total 
apathy to 
frenzied hysteria about IPv6, so please stomp away on as many IPv6 bugs as you 
can!

Harry Waddell 

p.s. not sure what's going on with my email account where I send stuff like 
mailing list traffic, so I've redirected stuff to a known working account. 
Sorry for the slow responses up till now.

References:
- gre tunnel problem
  - From: Harry Waddell
- Re: gre tunnel problem
  - From: Harry Waddell

Prev by Date: Re: gre tunnel problem
Next by Date: rtadvd and bridging
Previous by Thread: Re: gre tunnel problem
Next by Thread: Re: gre tunnel problem
Indexes:

Home | Main Index | Thread Index | Old Index