Date: Fri, 28 Nov 2008 07:53:02 +0100
From: "Frank Behrens" <frank@harz.behrens.de>
To: "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net>
Cc: freebsd-net@freebsd.org
Subject: Re: Problem with new source address selection
Message-ID: <200811280653.mAS6r1P3014050@post.behrens.de>
In-Reply-To: <20081127164201.M61259@maildrop.int.zabbadoz.net>
References: <200811271542.mARFgglB004902@post.behrens.de>

Bjoern A. Zeeb <bzeeb-lists@lists.zabbadoz.net> wrote on 27 Nov 2008 16:47:
> > Now I want to tunnel between my 192.168.90.0/24 and a foreign
> > 192.168.200.0/24. So I assigned 192.168.90.254/32 to lo2 and created
> > a static route.
>
> So if you don't mind to go out with a source address of 192.168.90.1
> instead of .254, what about this hack. What happens if you change the
> route to
> route change -net 192.168.200.0/24 192.168.90.2
> (assuming the .2 is not on your local machine).

That works for the router, but for incoming packets on the internal
interface (from -net 192.168.90.0/24) the machine will send an ICMP
redirect to new router 192.168.90.2. Of course that is a black hole.

When I use the route to own interface address
(route change -net 192.168.200.0/24 192.168.90.1) it works, but also
for every incoming packet an ICMP redirect is sent. So that solution
is a workaround for short time only.

Does anybody have a better solution for source address selection? Am
I the only one with an IPSEC tunnel?

--
Frank Behrens, Osterwieck, Germany
PGP-key 0x5B7C47ED on public servers available.