Re: Figuring out how vti works

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Steffen Klassert <steffen.klassert@secunet.com>
To: "netdev@vger.kernel.org" <netdev@vger.kernel.org>
Cc: Joe M <joe9mail@gmail.com>
Subject: Re: Figuring out how vti works
Date: Thu, 18 Sep 2014 11:20:50 +0200	[thread overview]
Message-ID: <20140918092050.GV6390@secunet.com> (raw)
In-Reply-To: <20140918050807.GA10599@master>

On Thu, Sep 18, 2014 at 12:08:07AM -0500, Joe M wrote:
> Hello Steffen,
> 
> Checking further with printk's, I can see
> 
> vti_tunnel_init being called for both ip_vti0 and vtil tunnels. But,
> when vti_tunnel_xmit is called, it is called with ip_vti0 tunnel and
> not the vtil tunnel. I am not sure if I am setting the route wrong.

If you can't get traffic into the tunnel, then the routing is
likely to be wrong. 

> 
> master# echo "1" | sudo tee /proc/sys/net/ipv4/ip_forward
> 1
> master# modprobe ip_vti
> master# ipsec start
> Starting strongSwan 5.2.0 IPsec [starter]...
> master# ip tunnel add vtil mode vti local 192.168.0.11 remote 192.168.1.232 ikey 1 okey 1
> master# ip link set vtil up
> master# sleep 10
> master# ip route add 192.168.1.0/24 dev vtil
> master# ip route list
> default via 192.168.0.1 dev enp4s0  metric 202
> 127.0.0.0/8 dev lo  scope host
> 192.168.0.0/24 dev enp4s0  proto kernel  scope link  src 192.168.0.11  metric 202
> 192.168.1.0/24 dev vtil  scope link
> 
> ip link list
> .
> .
> .
> 13: ip_vti0@NONE: <NOARP,UP,LOWER_UP> mtu 1428 qdisc noqueue state UNKNOWN mode DEFAULT group default
>     link/ipip 0.0.0.0 brd 0.0.0.0

Why is the ip_vti0 interface up? This should be down after inserting
the ip_vti module and I don't see that you've set it up with the
commands above.

Set the ip_vti0 interface down and try to find out where your
packets are getting dropped. As I said already, netstat -i and
/proc/net/xfrm_stat can help.

next prev parent reply	other threads:[~2014-09-18  9:21 UTC|newest]

Thread overview: 7+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2014-09-15 14:20 Figuring out how vti works Joe M
2014-09-17  5:28 ` Steffen Klassert
2014-09-17 23:04   ` Joe M
2014-09-18  5:08     ` Joe M
2014-09-18  9:20       ` Steffen Klassert [this message]
2014-09-18  9:06     ` Steffen Klassert
2014-09-18 15:00   ` Joe M

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20140918092050.GV6390@secunet.com \
    --to=steffen.klassert@secunet.com \
    --cc=joe9mail@gmail.com \
    --cc=netdev@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.