From: "Frank Behrens"
To: "Bjoern A. Zeeb"
Cc: freebsd-net@freebsd.org
Date: Fri, 28 Nov 2008 07:53:02 +0100
Subject: Re: Problem with new source address selection

Bjoern A. Zeeb wrote on 27 Nov 2008 16:47:
> > Now I want to tunnel between my 192.168.90.0/24 and a foreign
> > 192.168.200.0/24. So I assigned 192.168.90.254/32 to lo2 and created
> > a static route.
>
> So if you don't mind to go out with a source address of 192.168.90.1
> instead of .254, what about this hack. What happens if you change the
> route to
>   route change -net 192.168.200.0/24 192.168.90.2
> (assuming the .2 is not on your local machine).

That works for the router, but for incoming packets on the internal
interface (from -net 192.168.90.0/24) the machine will send an ICMP
redirect to new router 192.168.90.2. Of course that is a black hole.

When I use the route to own interface address
(route change -net 192.168.200.0/24 192.168.90.1) it works, but also
for every incoming packet an ICMP redirect is sent. So that solution
is a workaround for a short time only.

Does anybody have a better solution for source address selection? Am I
the only one with an IPSEC tunnel?

-- 
Frank Behrens, Osterwieck, Germany
PGP-key 0x5B7C47ED on public servers available.