On 2010-03-10, Massimo Lusetti <[email protected]> wrote:
> Hi misc,
>   I got a 4.5 box which acts as a perimeter ipsec routing gateway, it
>   has 682 flows (by ipsecctl -sf | wc -l).
>
> Some of these flows are up with a static route to the other point of the
> ipsec tunnel and some of these routes are changing dynamically (netstat
> shows UGHMS flags).
>
> When these routes change dynamically my tunnel falls because I cannot
> reach my tunnel endpoint anymore.
>
> Probably these redirects are coming from some ciscozze with HSRP or
> something and I've already asked the ciscozze admin to look without any
> luck so I guess I've to do something on my side and I'm here to ask for
> hints.

M flag - yes, that's from a redirect. sysctl net.inet.icmp.rediraccept=0
should prevent them from being accepted, but there will be a reason
why you're getting them, you should try and work out what this is...
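
An added example, not part of the original thread: a small shell filter that lists routes carrying the D (created by redirect) or M (modified by redirect) flag, so you can see which tunnel endpoints were rewritten and which gateway they now point at. It assumes `netstat -rn -f inet` style output with the flags in the third column; the function names and the sample routing table (documentation addresses) are constructed for illustration.

```shell
#!/bin/sh
# Added example: find routes that ICMP redirects created (D) or modified (M).
# Assumption: input looks like `netstat -rn -f inet`, i.e. destination,
# gateway, flags as the first three whitespace-separated columns.

redirected_routes() {
    awk '
        # Skip headers: only rows whose first field is "default" or an
        # IPv4 address / prefix are routing entries.
        $1 == "default" || $1 ~ /^([0-9]+\.)*[0-9]+(\/[0-9]+)?$/ {
            # D = dynamic (created by redirect), M = modified (by redirect)
            if ($3 ~ /[DM]/) print $1, $2, $3
        }
    '
}

# Constructed sample table, so the filter can be exercised offline.
sample_routes() {
cat <<'EOF'
Routing tables

Internet:
Destination        Gateway            Flags   Refs      Use   Mtu  Interface
default            192.0.2.1          UGS        4    81234     -  em0
198.51.100.7       192.0.2.3          UGHMS      1      512     -  em0
203.0.113.9        192.0.2.1          UGHS       1      907     -  em0
203.0.113.40       192.0.2.2          UGHD       0       12     -  em0
192.0.2.0/24       link#1             UC         3        0     -  em0
127.0.0.1          127.0.0.1          UH         1       44 33200  lo0
EOF
}

# On the gateway itself: show affected routes and the current sysctl value.
if [ "${1:-}" = "--live" ]; then
    netstat -rn -f inet | redirected_routes
    sysctl net.inet.icmp.rediraccept
fi
```

Running it periodically and logging the gateway column shows which neighbour the redirects are steering traffic towards, which helps with working out why they are being sent.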
