[CentOS] making a route sticky

Aleksandar Milivojevic alex at milivojevic.org
Fri Aug 5 21:09:04 UTC 2005


Quoting Les Mikesell <lesmikesell at gmail.com>:

>> I've just run into one interesting problem with this approach.  Seems that
>> Netfilter is getting confused or something...  Or at least I wasn't
>> able to make a usable config.
>
> Does ifconfig show the GRE tunnel as a PTP interface or something with
> a reasonable netmask?  If something is trying to figure out how to
> access it, you might want to make it look like a 4-host subnet
> (netmask 255.255.255.252) using the 2 usable addresses for the
> endpoints.

Well, after some debugging, the problem seems to be that Netfilter is not
placing returning packets into established state for direct connections
between VPN gateways (public addresses, those that should not go through GRE
tunnel, just IPSec encrypted).  If I use private interface addresses of VPN
gateways (so that packets go through GRE tunnel, and then IPSec), things seem
to work OK.  However, I still need to do some additional testing.

Have you seen something like that before?
