[CentOS] making a route sticky

Les Mikesell lesmikesell at gmail.com
Mon Aug 8 19:27:42 UTC 2005


On Mon, 2005-08-08 at 09:49, Aleksandar Milivojevic wrote:
> Quoting Aleksandar Milivojevic <alex at milivojevic.org>:
> 
> > No, haven't tried that.  However, the problematic packets are not the 
> > ones going to tunnel.  I had problems with packets that are not 
> > affected by change of routing (those having external IP addresses).  
> > What I'll try on Monday is using IPSec by itself (in transport mode), 
> > and GRE by itself, and see if in any of those two cases I'll get the 
> > same problem (might send question to Netfilter list too).
> 
> Well, I think I might have found a bug in Netfilter.
> 
> If I define IPSec in transport mode between two hosts, and then try to
> ping one host from the other, Netfilter is not placing the returning
> packet (ping reply) into established state.  The quick and easy
> workaround is defining IPSec in tunneling mode and using endpoint IP
> addresses as SRCNET and DSTNET.

Does 'established' make any sense for anything but tcp?

-- 
  Les Mikesell
     lesmikesell at gmail.com
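
Added example, not part of the original message and not Netfilter code: a simplified Python model of how stateful tracking labels handshake-less traffic, where a reply counts as ESTABLISHED only if it matches the inverted tuple of a packet already seen. The class and function names and the 192.0.2.x addresses are constructed for illustration, and the model does not reproduce the IPSec transport-mode behaviour reported in the thread.

```python
# Added illustration: a simplified model, not Netfilter code.
from dataclasses import dataclass
ECHO_REQUEST, ECHO_REPLY = 8, 0

@dataclass(frozen=True)
class Packet:
    proto: str            # "icmp" or "udp"
    src: str
    dst: str
    sport: int = 0        # UDP ports (unused for ICMP)
    dport: int = 0
    icmp_type: int = ECHO_REQUEST
    icmp_id: int = 0      # echo identifier, plays the role of a port

def flow_key(p, reverse=False):
    """Tuple identifying a flow; reverse=True gives the opposite direction's key."""
    src, dst = (p.dst, p.src) if reverse else (p.src, p.dst)
    if p.proto == "icmp":
        return ("icmp", src, dst, p.icmp_id)
    sport, dport = (p.dport, p.sport) if reverse else (p.sport, p.dport)
    return ("udp", src, dst, sport, dport)

class Tracker:
    def __init__(self):
        self.flows = {}   # original-direction key -> has a reply been seen?

    def classify(self, p):
        is_icmp = p.proto == "icmp"
        if is_icmp and p.icmp_type not in (ECHO_REQUEST, ECHO_REPLY):
            return "INVALID"              # other ICMP types are outside this model
        is_echo_reply = is_icmp and p.icmp_type == ECHO_REPLY
        rev = flow_key(p, reverse=True)
        if rev in self.flows and (is_echo_reply or not is_icmp):
            self.flows[rev] = True        # reply direction seen
            return "ESTABLISHED"
        if is_echo_reply:
            return "INVALID"              # reply that matches no tracked request
        fwd = flow_key(p)
        if fwd in self.flows:
            return "ESTABLISHED" if self.flows[fwd] else "NEW"
        self.flows[fwd] = False           # first packet of a new flow
        return "NEW"

def demo():
    t = Tracker()
    req = Packet("icmp", "192.0.2.1", "192.0.2.2", icmp_id=0x1234)
    rep = Packet("icmp", "192.0.2.2", "192.0.2.1", icmp_type=ECHO_REPLY, icmp_id=0x1234)
    stray = Packet("icmp", "192.0.2.2", "192.0.2.1", icmp_type=ECHO_REPLY, icmp_id=0x9999)
    return [t.classify(req), t.classify(stray), t.classify(rep), t.classify(req)]
```

`demo()` classifies an echo request, a reply with a non-matching identifier, the matching reply, and a second request on the same flow.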
