On Thu, Jun 01, 2017 at 07:42:51AM -0500, Michael Graves wrote:
> Hello
>
> [...]
>
> The problem that I cannot explain is when I ping from obsd01 vether0 to
> obsd02 vether0 and I do a tcpdump on rtbsd vio0 I never see any IGMP packets
> from the obsd01/02 system, but I do see VXLAN packets. However the
> destination MAC address is broadcast (all ff's) and not a multicast address
> like I would expect. Side note, the TTL on the packets is 10 and matches the
> tunnelttl setting.
>
> If anyone has an idea of what I am doing wrong I would appreciate a pointer
> in the right direction.
>
My guess would be IGMP uses IP options, and by default pf doesn't allow
them.

You should try using the following in pf.conf:

    set skip on lo
    block log
    pass allow-opts

The "allow-opts" will allow IPv4 packets with IP options. Having a
"block log" just before would permit you to check if pf is blocking some
other thing "by default", using tcpdump -i pflog0 -n.

-- 
Sebastien Marie
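
An added example, not part of the original messages: a Python sketch that lists the IPv4 options in a raw packet, to show that an IGMPv2 report carries the Router Alert option (RFC 2113) while an ordinary ping does not, which is the distinction "allow-opts" acts on. Both sample packets and their addresses are constructed, and treating any IHL above 5 as "carries options" is an assumption about how the filter decides.

```python
# IPv4 option type names (subset); 148 is Router Alert (RFC 2113).
OPTION_NAMES = {0: "EOL", 1: "NOP", 7: "Record Route", 68: "Timestamp",
                131: "LSRR", 137: "SSRR", 148: "Router Alert"}

# Constructed samples (checksums left at zero, they are not verified here).
# IGMPv2 membership report: IHL=6, option 94 04 00 00, then 8 bytes of IGMP.
IGMP_REPORT = bytes.fromhex("46c00020" "00004000" "01020000" "c0000201"
                            "ef010101" "94040000" "16000000" "ef010101")
# ICMP echo request: IHL=5, no options, 64 bytes of zeroed payload.
ICMP_ECHO = bytes.fromhex("45000054" "00004000" "40010000" "c0000201"
                          "c0000202") + bytes(64)

def ipv4_options(packet: bytes):
    """Return [(type, name, data), ...] for the options in an IPv4 header."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    header_len = (packet[0] & 0x0F) * 4       # IHL counts 32-bit words
    if header_len < 20 or header_len > len(packet):
        raise ValueError("bad IHL")
    opts, i = [], 20
    while i < header_len:
        kind = packet[i]
        if kind == 0:                         # End of Option List
            break
        if kind == 1:                         # No-Operation, single byte
            i += 1
            continue
        if i + 1 >= header_len:
            raise ValueError("truncated option")
        length = packet[i + 1]                # covers type and length bytes
        if length < 2 or i + length > header_len:
            raise ValueError("bad option length")
        name = OPTION_NAMES.get(kind, "unknown")
        opts.append((kind, name, packet[i + 2:i + length]))
        i += length
    return opts

def needs_allow_opts(packet: bytes) -> bool:
    """True when the IPv4 header is longer than 20 bytes (assumed criterion)."""
    ipv4_options(packet)                      # reject malformed headers first
    return (packet[0] & 0x0F) > 5

if __name__ == "__main__":
    for label, pkt in (("IGMP report", IGMP_REPORT), ("ICMP echo", ICMP_ECHO)):
        print(label, ipv4_options(pkt), "needs allow-opts:", needs_allow_opts(pkt))
```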