gif interface listener problem?
subscriber at osk.com.ua
Wed Jan 25 07:24:17 PST 2006
One of my servers still runs FreeBSD 4.11. It has two internet
connections from two different providers.
The first of them is used for common internet access and the second is
dedicated to a tunnel between offices.
Let's mark the IPs this way:
rl0 - main interface
rl1 - tunnel interface
xxx.xxx.xxx.xxx - IP of main internet interface
XXX.XXX.XXX.XXX - IP of gateway for main interface
yyy.yyy.yyy.yyy - IP of tunnel interface
YYY.YYY.YYY.YYY - IP of gateway for tunnel interface
zzz.zzz.zzz.zzz - IP of endpoint for tunnel
I have configured policy routing using ipfw in such a way (simplified):
add fwd YYY.YYY.YYY.YYY all from yyy.yyy.yyy.yyy out xmit rl0
add fwd XXX.XXX.XXX.XXX all from xxx.xxx.xxx.xxx out xmit rl1
add allow ipencap from any to any via rl1
add allow all from any to any via gif0
The gif tunnel is configured in such a way:
gif0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1280
tunnel inet yyy.yyy.yyy.yyy --> zzz.zzz.zzz.zzz
inet 192.168.200.1 --> 192.168.201.1 netmask 0xffffffff
The default route is to XXX.XXX.XXX.XXX
If a route
zzz.zzz.zzz.zzz -> YYY.YYY.YYY.YYY
is manually created, everything works fine. But in this case ALL
traffic to host zzz.zzz.zzz.zzz is routed through rl1 interface and
this is unacceptable as all of rl1 bandwidth is reserved for tunneling
important interactive data.
If there is no manual route we have (dumping rl1 interface):
- all outgoing ipencap traffic goes well
- all incoming traffic comes in rl1 but is lost (gif0 interface is
It seems that gif interface listens for ipencap on the interface that
is on route to destination but not at its source (yyy.yyy.yyy.yyy in
How can I force gif to listen on the correct interface? Maybe this is
corrected in later versions of FreeBSD? Should I upgrade that box?
Oleg Tarasov mailto:subscriber at osk.com.ua