On 2018-05-05 Martin Pieuchot <m...@openbsd.org> wrote:
> On 03/05/18(Thu) 17:19, Christopher Zimmermann wrote:
> > On 2018-05-03 Martin Pieuchot <m...@openbsd.org> wrote:  
> > > On 02/05/18(Wed) 14:45, Christopher Zimmermann wrote:  
> > > > On 2018-05-02 Martin Pieuchot <m...@openbsd.org> wrote:    
> > > > > On 02/05/18(Wed) 11:47, Christopher Zimmermann wrote:    
> > > > > > I just want to bring this up again. Can some network guru give me an ok
> > > > > > or some feedback please?
> > > > > 
> > > > > Can you explain with words why we shouldn't send a redirect?  The
> > > > > comment above your diff states clearly:
> > > > > 
> > > > >   "If forwarding packet using same interface that it came in on,
> > > > >   perhaps should send a redirect to sender to shortcut a hop."
> > > > > 
> > > > > So you're suggesting not to do that, why?
> > > > 
> > > > That's not exactly what I'm suggesting.
> > > > 
> > > > In this setting:
> > > > 
> > > > A 192.168.4.7 <--> 192.168.4.1 Gateway 192.168.1.1 <--> 192.168.1.2 B
> > > > 
> > > > I observed this senseless redirect:
> > > > 
> > > > 192.168.4.1 > 192.168.4.7: icmp: redirect 192.168.1.2 to host 192.168.4.1
> > > > 
> > > > In plain language it means:
> > > > "Hi 192.168.4.7, I'm 192.168.4.1. You sent me a packet for 192.168.1.2.
> > > > I'm not the best route, next time send it to 192.168.4.1."
> > > > So the gateway is instructing host 192.168.4.7 to use gateway
> > > > 192.168.4.1 instead of 192.168.4.1. (this is not a typo!)    
> > > 
> > > What does your routing table look like?
> > 
> > % doas ifconfig vlan2
> > vlan2: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
> >         index 7 priority 0 llprio 3
> >         encap: vnetid 2 parent em2
> >         status: active
> >         inet 192.168.4.1 netmask 0xfffffff0 broadcast 192.168.4.15
> > % doas route -n show -inet
> > Routing tables
> > 
> > Internet:
> > Destination        Gateway            Flags   Refs      Use   Mtu  Prio Iface
> > default            62.27.93.143       UGS        5    63324     -     8 pppoe0
> > 224/4              127.0.0.1          URS        0        0 32768     8 lo0
> > 62.27.93.143       85.212.225.8       UHh        1        1     -     8 pppoe0
> > 85.212.225.8       85.212.225.8       UHl        0     1589     -     1 pppoe0
> > 127/8              127.0.0.1          UGRS       0        0 32768     8 lo0
> > 127.0.0.1          127.0.0.1          UHhl       9     1131 32768     1 lo0
> > 192.168.0/22       192.168.4.1        UGS        0      314     -     8 vlan2     <- this is the culprit
> > 192.168.4.0/28     192.168.4.1        UCn        2        0     -     4 vlan2
> > 
> > You'll note I manually (Flag S) added this rather senseless route to gateway
> > 192.268.4.1 (Flag G), which is the very same machine.  
> 
> See, that's why the redirect message doesn't make sense.  Because it
> uses the info from this route.  Now what I'm not getting is where did
> you configure 192.168.1.1?

It's the IP of the other end of the IPsec tunnel.


-- 
http://gmerlin.de
OpenPGP: http://gmerlin.de/christopher.pub
2779 7F73 44FD 0736 B67A  C410 69EC 7922 34B4 2566
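
The redirect quoted in this thread names its own sender (192.168.4.1) as the better gateway. The following is an added example, not code from the thread or from the OpenBSD source: a check a packet monitor could run on a captured IPv4 datagram to flag such a self-referential ICMP redirect. The function names and the address 192.168.4.2 are assumptions made for illustration, and checksums are not verified.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ICMP_REDIRECT 5

/* Returns 1 if the redirect advertises its own sender as the gateway,
 * 0 for any other redirect, -1 if pkt is not a parseable IPv4 ICMP redirect. */
int redirect_points_at_sender(const uint8_t *pkt, size_t len)
{
    if (len < 20 || (pkt[0] >> 4) != 4)
        return -1;
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;   /* IP header length in bytes */
    if (ihl < 20 || len < ihl + 8)              /* need the 8-byte ICMP header */
        return -1;
    if (pkt[9] != 1 || pkt[ihl] != ICMP_REDIRECT || pkt[ihl + 1] > 3)
        return -1;                              /* not ICMP type 5, code 0..3 */
    /* IP source is at offset 12; the redirect's gateway is at ICMP offset 4 */
    return memcmp(pkt + 12, pkt + ihl + 4, 4) == 0;
}

/* Constructed sample: 20-byte IPv4 header plus 8-byte ICMP redirect header.
 * The quoted original datagram and both checksums are left out. */
size_t build_redirect(uint8_t *buf, const uint8_t src[4],
                      const uint8_t dst[4], const uint8_t gw[4])
{
    memset(buf, 0, 28);
    buf[0] = 0x45;                /* IPv4, IHL 5 */
    buf[3] = 28;                  /* total length */
    buf[8] = 64;                  /* TTL */
    buf[9] = 1;                   /* protocol: ICMP */
    memcpy(buf + 12, src, 4);
    memcpy(buf + 16, dst, 4);
    buf[20] = ICMP_REDIRECT;
    buf[21] = 1;                  /* code 1: redirect for host */
    memcpy(buf + 24, gw, 4);
    return 28;
}

int main(void)
{
    const uint8_t gw[4] = {192, 168, 4, 1}, host[4] = {192, 168, 4, 7};
    const uint8_t other[4] = {192, 168, 4, 2};  /* hypothetical second router */
    uint8_t pkt[28];
    size_t n = build_redirect(pkt, gw, host, gw);
    printf("redirect from the thread: %d\n", redirect_points_at_sender(pkt, n));
    n = build_redirect(pkt, gw, host, other);
    printf("redirect to other router: %d\n", redirect_points_at_sender(pkt, n));
    return 0;
}
```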
