Hi, Am 02.02.2018 um 21:21 schrieb Grant Taylor: > >> I haven't seen the code so far, maybe I just need another source-NAT >> based rule for GRE? > > I don't know. > > Take a look at the GRE-NAT.sh script that I shared in a previous email. You have a SNAT rule in there. But my masquerading rule should do the exact same thing: -A POSTROUTING -s 192.168.10.0/24 ! -d 192.168.10.0/24 -j MASQUERADE Both cases, the first package from the inside and from the outside should be covered. Or am I missing something here? > > I think the race is who sends packets first, not a problem in the code > or implementation. > True, but the implementation and my configuration of the same should handle both cases. > > How often does BGP send packets if there aren't any updates or changes > to advertise? - Cursory Google search makes me think that BGP sends > a a keepalive (heartbeat) packet every minute. - I would think that > would be often enough to keep connection tracking entries from timing > out. > I'd have to look that up. So far the ping keeps the tunnels going. Bye, Matthias -- To unsubscribe from this list: send the line "unsubscribe lartc" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html