making a route sticky

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] 

On Mon, 2005-08-08 at 09:49, Aleksandar Milivojevic wrote:
> Quoting Aleksandar Milivojevic <alex@xxxxxxxxxxxxxxx>:
> 
> > No, haven't tried that.  However, the problematic packets are not the 
> > ones going to tunnel.  I had problems with packets that are not 
> > affected by change of routing (those having external IP addresses).  
> > What I'll try on Monday is using IPSec by itself (in transport mode), 
> > and GRE by itself, and see if in any of those two cases I'll get the 
> > same problem (might send question to Netfilter list too).
> 
> Well, I think I might have found bug in Netfilter.
> 
> If I define IPSec in transport mode between two hosts, and than try to 
> ping one
> host from the other, Netfilter is not placing the returning packet 
> (ping reply)
> into established state.  The quick and easy workaround is defining IPSec in
> tunneling mode and using endpoint IP addresses as SRCNET and DSTNET.

Does 'established' make any sense for anything but tcp?

-- 
  Les Mikesell
     lesmikesell@xxxxxxxxx
[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux