From: Julian Elischer
Date: Mon, 29 Dec 2014 15:08:09 +0800
To: Nikolay Denev, "freebsd-net@freebsd.org"
Subject: Re: setfib and RSTs
Message-ID: <54A0FDD9.4090009@freebsd.org>

On 12/26/14 10:41 PM, Nikolay Denev wrote:
> Hi,
>
> I have a process (bittorrent client) running in a non-default fib and using
> a VPN for default gateway:
>
> from /etc/rc.local :
>
> /usr/sbin/setfib 1 route add $vpn_provider 10.0.0.1
> /usr/sbin/setfib 1 /usr/local/sbin/openvpn --config /usr/local/etc/openvpn/provider.ovpn
> /usr/sbin/setfib 1 /usr/sbin/service transmission onestart
>
> Then openvpn installs default gateway in fib 1 to point to the tun(4)
> interface.
>
> Still, I'm seeing RST packets from the bittorrent client process to be sent
> not via the tunnel, but to the default gateway of the lan which seems
> wrong. As if when the kernel generates the RST it does not take into
> account the FIB of the socket?

It's possible that you are correct.
I checked that RST and other generated packets used the FIB for the session if it existed when they are generated, but I don't know what they do when a single unexpected packet enters. You may need to set the fib in received packets using either the ipfw setfib command or the ifconfig fib command. The RST should then use the same FIB to respond.

Let me know.

> Any ideas?
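
Added example, not part of the original thread: the two ways the reply names for tagging received packets with a FIB, plus a tcpdump check for RSTs still leaving via the LAN. The interface names tun0 and em0, the ipfw rule number 100 and the peer port 51413 are assumptions; with DRY_RUN=1 (the default) the commands are only printed, not executed.

```sh
#!/bin/sh
# Added example (not from the thread). Assumed names: tun0 = OpenVPN tunnel,
# em0 = LAN interface, FIB 1 as in the original post, ipfw rule number 100,
# 51413 = the torrent client's listening port.
# DRY_RUN=1 (default) prints each command; DRY_RUN=0 runs it (root, FreeBSD).

run() {
    if [ "${DRY_RUN:-1}" = "1" ]; then
        echo "$*"
    else
        "$@"
    fi
}

# Option 1: "ifconfig fib". Packets received on the interface are
# assigned the given FIB.
fib_via_ifconfig() {    # usage: fib_via_ifconfig <tunnel-if> <fib>
    run ifconfig "$1" fib "$2"
}

# Option 2: "ipfw setfib". Tag packets arriving on the tunnel interface
# with the FIB; ipfw then continues with the next rule, so the ruleset
# still needs its usual allow/deny rules after this one.
fib_via_ipfw() {        # usage: fib_via_ipfw <rule-no> <tunnel-if> <fib>
    run ipfw add "$1" setfib "$3" ip from any to any in recv "$2"
}

# Check: watch the LAN interface for RSTs sourced from the client's port.
# Any packet shown here left outside the tunnel.
watch_lan_rst() {       # usage: watch_lan_rst <lan-if> <local-port>
    run tcpdump -ni "$1" "tcp[tcpflags] & tcp-rst != 0 and src port $2"
}

# Example sequence for the setup in the post (pick option 1 or option 2):
#   fib_via_ifconfig tun0 1
#   fib_via_ipfw 100 tun0 1
#   watch_lan_rst em0 51413
```

Because openvpn creates the tunnel interface at startup, either option has to be applied after the interface exists, for example from the same rc.local after the openvpn line.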