Subject: Re: multi-cast OSPF over gif tunnel with IPSec
To: Andreas Wrede <andreas@planix.com>
From: Jun-ichiro itojun Hagino <itojun@iijlab.net>
List: current-users
Date: 05/15/2001 06:51:31
>I have a gif tunnel configured between two NetBSD/i386 1.5.1_BETA
>systems. Without IPSec transport mode configured for the underlying
>real IP addresses, the gif tunnel will transport OSPF multicast
>packets (i.e. Zebra OSPF hello to 224.0.0.5) without problem.
>
>If I configure IPSec between the real IP addresses of the tunnel, the
>OSPF multicast packets never make it to the other side of the tunnel.
>Normal packets (TCP, UDP, ICMP) work fine.

	could you try running tcpdump on gif interface as well as ethernet?
	watch both inbound and outbound interface.  what kind of traffic
	do you see and what kind of traffic don't you see?
	# tcpdump -n -i gif0	(packet with inner header)
	# tcpdump -n -i tlp0	(packet with inner + outer header)
	the point is to know which layer is losing (or corrupting) packets.

	watch netstat -sn.  which number increases while you run ospfd?
	taking diff between netstat -sn output always helps.

itojun
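
The "diff between netstat -sn output" step suggested above can be scripted. The following is an added example, not part of the original message: it compares two saved snapshots and lists only the counters that changed, grouped by protocol section. The function names and the sample snapshot contents are constructed for illustration.

```shell
#!/bin/sh
# Added example. Intended use on a real host:
#   netstat -sn > before; (let ospfd run a while); netstat -sn > after
#   netstat_delta before after

# netstat_delta BEFORE AFTER
# Print "<delta><TAB><section> <counter description>" for each counter
# whose leading number differs between the two snapshots.
netstat_delta() {
    awk '
        # Section header such as "ip:" or "ipsec:" starts in column 1.
        /^[^ \t].*:$/ { section = $0; next }
        # Counter line: leading whitespace, a number, then a description.
        /^[ \t]+[0-9]+ / {
            n = $1
            desc = $0
            sub(/^[ \t]+[0-9]+ /, "", desc)
            key = section " " desc
            # First file: remember the value. Second file: compare.
            if (FNR == NR) { before[key] = n; next }
            if (key in before && n != before[key]) {
                d = n - before[key]
                printf "%s%d\t%s\n", (d > 0 ? "+" : ""), d, key
            }
        }
    ' "$1" "$2"
}

# Demo on constructed snapshots (counter values are made up).
netstat_delta_demo() {
    dir=$(mktemp -d) || return 1
    printf 'ip:\n\t100 total packets received\n\t0 bad header checksums\nipsec:\n\t40 inbound packets processed successfully\n\t2 outbound packets with no SA available\n' > "$dir/before"
    printf 'ip:\n\t130 total packets received\n\t0 bad header checksums\nipsec:\n\t40 inbound packets processed successfully\n\t9 outbound packets with no SA available\n' > "$dir/after"
    netstat_delta "$dir/before" "$dir/after"
    rm -rf "$dir"
}

netstat_delta_demo
```

Counter lines whose description itself contains a changing number are not matched between snapshots and are skipped.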