# traceroute issue on gif tunnel with ipsec



## hshh (Nov 7, 2012)

Hi all
I setup 2 networks connected with gif tunnel.

network1(172.16.0.0/24)<->server1(172.16.0.254)<-gif->server2(10.0.0.254)<->network2(10.0.0.0/24)

Servers are running FreeBSD 9.0-RELEASE.
If I only setup ipip tunnel without IPSEC, the traceroute works correctly.
Proper result of traceroute from network 1 to network 2

```
1    <1 ms    <1 ms    <1 ms  172.16.0.254
 2   100 ms   100 ms   100 ms  10.0.0.254
 3   100 ms   100 ms   100 ms  10.0.0.1
```
If I enable IPSEC for gif tunnel, traceroute result is,

```
1    <1 ms    <1 ms    <1 ms  172.16.0.254
 2     *        *        *     Request timed out.
 3   100 ms   100 ms   100 ms  10.0.0.1
```
I also tried IPSEC transport and tunnel mode, but no help.
Here is ipsec.conf

```
spdflush;
spdadd 172.16.0.254/32 10.0.0.254/32 ipencap -P out ipsec esp/transport//require;
spdadd 10.0.0.254/32 172.16.0.254/32 ipencap -P in  ipsec esp/transport//require;
flush;
add 172.16.0.254 10.0.0.254 esp 10001 -E blowfish-cbc "123456";
add 10.0.0.254 172.16.0.254 esp 10002 -E blowfish-cbc "123456";
```
It also effects my 6in4 tunnel, traceroute6 not works either.
Any solution for this?


----------

