> On 10 Feb 2014 at 16:10, Aurelien Martin <[email protected]> wrote:
> 
> Hi Mitja,
> 
> When I add the route manually it's working like a charm.
> 
> But after that, all machines on my LAN ping in the following form 
> (Redirect Host). What does it mean? For me, the router rewrites the 
> destination, which creates an overhead.
> 
> 
> $ ping 192.168.10.1
> PING 192.168.10.1 (192.168.10.1): 56 data bytes
> 36 bytes from 192.168.20.254: Redirect Host(New addr: 192.168.20.254)
> Vr HL TOS  Len   ID Flg  off TTL Pro  cks      Src      Dst
> 4  5  00 0054 85ff   0 0000  40  01 4b56 192.168.30.2 192.168.10.1

I had a similar problem and it turned out that I had to allow redirects on my 
OpenBSD and Linux servers. I did this on OpenBSD by modifying /etc/sysctl.conf:

net.inet.icmp.rediraccept=1     # 1=Accept ICMP redirects

I believe there are smarter ways, but this was the easy way for me. 

> 
> 
> Cheers,Aurelien
> 
> 
> On 02/10/2014 04:03 PM, Mitja Muženič wrote:
>> A simple trick is to add a manual route for the remote LAN to the internal
>> interface of your router.
>> 
>> 
>>> -----Original Message-----
>>> From: [email protected] [mailto:[email protected]] On Behalf
>>> Of Aurelien Martin
>>> Sent: Monday, February 10, 2014 3:59 PM
>>> To: [email protected]
>>> Subject: reach a remote LAN through IPSEC from the router
>>> 
>>> Dear all,
>>> 
>>> I'm linked to another LAN through IPSEC. Everything is working except
>>> if I try to reach the remote LAN from my OpenBSD router.
>>> 
>>> In this case, the router uses the default interface (wan) instead of the
>>> IPSEC tunneling.
>>> 
>>> I would like to be able to reach the remote LAN due to a service on the
>>> router that needs to reach it
>>> 
>>> Please follow the log in attachment (schema-and-logs.txt +
>>> ipsec-pf-route.txt)
>>> 
>>> Any idea ?
>>> 
>>> I already tried adding a dirty route that's working, but it creates overhead
>>> 
>>>     $ ping 192.168.10.1
>>>     PING 192.168.10.1 (192.168.10.1): 56 data bytes
>>>     36 bytes from 192.168.20.254: Redirect Host(New addr: 192.168.20.254)
>>>     Vr HL TOS  Len   ID Flg  off TTL Pro  cks  Src      Dst
>>>       4  5  00 0054 85ff   0 0000  40  01 4b56 192.168.20.2 192.168.10.1
>>> 
>>> 
>>> 
>>> Have a good day
>>> Cheers,Aurelien
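
The reply above sets net.inet.icmp.rediraccept in /etc/sysctl.conf. The following is an added example, not part of the original thread, showing one way to audit a sysctl.conf-style file for settings that make a host accept ICMP redirects. The function names and the sample file are constructed for illustration; the net.ipv4.conf.*.accept_redirects keys are the Linux counterparts of the OpenBSD key and are not quoted in the thread.

```shell
#!/bin/sh
# Added example: list ICMP-redirect acceptance settings in a sysctl.conf-style file.
# net.inet.icmp.rediraccept is the OpenBSD key from the thread; the
# net.ipv4.conf.*.accept_redirects keys are the Linux counterparts (assumption:
# the thread does not name them).

# redirect_settings FILE: print "key=value" per matching key; the last
# assignment wins, as it does when the file is applied top to bottom.
redirect_settings() {
    awk '
        { sub(/#.*/, "") }                 # strip full-line and inline comments
        !/=/ { next }
        {
            key = $0; sub(/=.*/, "", key); gsub(/[ \t]/, "", key)
            val = $0; sub(/^[^=]*=/, "", val); gsub(/[ \t]/, "", val)
            if (key == "net.inet.icmp.rediraccept" ||
                key ~ /^net\.ipv4\.conf\.[^.]+\.accept_redirects$/) {
                if (!(key in seen)) order[++n] = key
                seen[key] = val
            }
        }
        END { for (i = 1; i <= n; i++) print order[i] "=" seen[order[i]] }
    ' "$1"
}

# accepts_redirects FILE: succeed if any listed key is set to a non-zero value.
accepts_redirects() {
    redirect_settings "$1" | grep -Eq '=[1-9][0-9]*$'
}

# Constructed sample file (not taken from the thread's attachments).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sysctl.conf
net.inet.ip.forwarding=1        # router
net.inet.icmp.rediraccept=0
net.inet.icmp.rediraccept=1     # 1=Accept ICMP redirects
EOF

redirect_settings "$sample"
if accepts_redirects "$sample"; then
    echo "ICMP redirects accepted"
fi
```

On a live system, `sysctl net.inet.icmp.rediraccept` shows the value currently in effect, which can differ from the file until it is reapplied.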
