making a route sticky

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



Quoting Aleksandar Milivojevic <alex@xxxxxxxxxxxxxxx>:

> No, haven't tried that.  However, the problematic packets are not the 
> ones going to tunnel.  I had problems with packets that are not 
> affected by change of routing (those having external IP addresses).  
> What I'll try on Monday is using IPSec by itself (in transport mode), 
> and GRE by itself, and see if in any of those two cases I'll get the 
> same problem (might send question to Netfilter list too).

Well, I think I might have found bug in Netfilter.

If I define IPSec in transport mode between two hosts, and than try to 
ping one
host from the other, Netfilter is not placing the returning packet 
(ping reply)
into established state.  The quick and easy workaround is defining IPSec in
tunneling mode and using endpoint IP addresses as SRCNET and DSTNET.

----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.



[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux