current-users: Re: multi-cast OSPF over gif tunnel with IPSec

Subject: Re: multi-cast OSPF over gif tunnel with IPSec
To: Andreas Wrede <andreas@planix.com>
From: Jun-ichiro itojun Hagino <itojun@iijlab.net>
List: current-users
Date: 05/15/2001 17:58:22

>The packets appear to get lost on the destination machine during IPSec
>processing or gif unpacking: The packet arrives on the real interface
>but never comes out of the gif tunnel:

	thanks, it really helps.

>***************
>*** 135,141 ****
>        0 inbound packets considered authentic
>        0 inbound packets failed on authentication
>        ESP input histogram:
>!               des-cbc: 18044701
>        28636858 outbound packets processed successfully
>        0 outbound packets violated process security policy
>        0 outbound packets with no SA available
>--- 135,141 ----
>        0 inbound packets considered authentic
>        0 inbound packets failed on authentication
>        ESP input histogram:
>!               des-cbc: 18044702
>        28636858 outbound packets processed successfully
>        0 outbound packets violated process security policy
>        0 outbound packets with no SA available

	do you have any idea how many packets went through the tunnel during
	this period?  if more than 1 packets are (supposed to be) exchanged,
	i suspect that the packet gets dropped in gif, not ipsec.
	hmm... i'm on the road and i cannot really test this now.  i hope to
	repeat this when i go back home.

	if anyone has similar experience, let me know.  i believe jason is
	using a very similar configuration - do you have any idea?

itojun