Re: DF (Don't frag) issues

From: Matthew Sullivan <matthew_at_uq.edu.au>
Date: Tue, 03 May 2005 02:25:29 +1000
Andre Oppermann wrote:

> Matthew Sullivan wrote:
>
>> Andre Oppermann wrote:
>>
>>> Matthew Sullivan wrote:
>>>
>>>> Give me the switches you want on tcpdump and I'll be happy to 
>>>> provide the packets ;-)
>>>
>>>
>>> This should do the trick:
>>>
>>>  tcpdump -n -p -i fxp0 -s 128 -w dump
>>>
>> Ok this is what you have:
>>
>> root_at_scorpion:~# tcpdump -n -p -i fxp0 -s 128 -w pktdump not port 24
>>
>> and it's at: http://scorpion.sorbs.net/ICMP/pktdump
>
>
> Ok, this is the problem:
>
>  MTU of next hop: 0
>
> Have you installed my patch on the gateway machine too, or only on your
> host?

Patch is on both servers (the VPN server and the host the dump is from).

>
> MTU of next hop should not be zero under normal circumstances.  It 
> indicates
> a bug somewhere in the normal IP forwarding path.
>
> Is this the correct packet flow:
>
>  ... --> dc0 --> gif0 --> IPSec --> fxp0 --> Internet --> ...
>
That is correct for the VPN server.

ifconfig for the VPN server as follows:
fxp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        options=8<VLAN_MTU>
        inet 203.101.254.252 netmask 0xffffff00 broadcast 203.101.254.255
        inet6 fe80::290:27ff:fec2:4977%fxp0 prefixlen 64 scopeid 0x1
        ether 00:90:27:c2:49:77
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
dc0: flags=108843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        options=8<VLAN_MTU>
        inet 203.15.51.61 netmask 0xffffffe0 broadcast 203.15.51.63
        inet6 fe80::2a0:cff:fec0:cc23%dc0 prefixlen 64 scopeid 0x2
        ether 00:a0:0c:c0:cc:23
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
plip0: flags=108810<POINTOPOINT,SIMPLEX,MULTICAST> mtu 1500
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
        inet 127.0.0.1 netmask 0xff000000
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
gif0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1280
        tunnel inet 203.101.254.252 --> 138.130.223.244
        tunnel inet6 203.101.254.252 --> 138.130.223.244
        inet 203.15.51.61 --> 192.168.1.2 netmask 0xffffff00
        inet6 fe80::290:27ff:fec2:4977%gif0 prefixlen 64 scopeid 0x5

FreeBSD stealth.sorbs.net 6.0-CURRENT FreeBSD 6.0-CURRENT #1: Fri Apr 29 
17:50:25 EST 2005     
root_at_stealth.sorbs.net:/usr/obj/usr/src/sys/STEALTH  i386

Regards,

-- 
Matthew Sullivan
Specialist Systems Programmer
Information Technology Services
The University of Queensland
Received on Mon May 02 2005 - 14:26:45 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:38:33 UTC