[CentOS] making a route sticky
Les Mikesell
lesmikesell at gmail.com
Mon Aug 8 19:27:42 UTC 2005
On Mon, 2005-08-08 at 09:49, Aleksandar Milivojevic wrote:
> Quoting Aleksandar Milivojevic <alex at milivojevic.org>:
>
> > No, haven't tried that. However, the problematic packets are not the
> > ones going to tunnel. I had problems with packets that are not
> > affected by change of routing (those having external IP addresses).
> > What I'll try on Monday is using IPSec by itself (in transport mode),
> > and GRE by itself, and see if in any of those two cases I'll get the
> > same problem (might send question to Netfilter list too).
>
> Well, I think I might have found a bug in Netfilter.
>
> If I define IPSec in transport mode between two hosts, and then try to
> ping one host from the other, Netfilter is not placing the returning
> packet (ping reply) into established state. The quick and easy
> workaround is defining IPSec in tunneling mode and using endpoint IP
> addresses as SRCNET and DSTNET.
Does 'established' make any sense for anything but tcp?
--
Les Mikesell
lesmikesell at gmail.com