[CentOS] making a route sticky

Aleksandar Milivojevic alex at milivojevic.org
Mon Aug 8 14:49:12 UTC 2005


Quoting Aleksandar Milivojevic <alex at milivojevic.org>:

> No, haven't tried that.  However, the problematic packets are not the 
> ones going to tunnel.  I had problems with packets that are not 
> affected by change of routing (those having external IP addresses).  
> What I'll try on Monday is using IPSec by itself (in transport mode), 
> and GRE by itself, and see if in any of those two cases I'll get the 
> same problem (might send question to Netfilter list too).

Well, I think I might have found a bug in Netfilter.

If I define IPSec in transport mode between two hosts, and then try to ping one
host from the other, Netfilter is not placing the returning packet (ping reply)
into established state.  The quick and easy workaround is defining IPSec in
tunneling mode and using endpoint IP addresses as SRCNET and DSTNET.
