ifconfig <point-to-point-iface> <ip> <dest> add route "<dest> <ip>"
to table -- why?
Lev Serebryakov
lev at serebryakov.spb.ru
Wed Dec 17 11:57:17 PST 2008
Hello, Freebsd-net.
Why does adding address and destination for point-to-point interface
add route for destination address? It is not always right. For
example, many providers have VPN concentrator address same as "remote
end" address and this default create loop -- VPN packets (TCP, UDP or
GRE ones)goes into tunnel itself, ooops, host locked up... It could be
fixed by deleting route right after tunnel creation via if-up script.
But second problem doesn't have good solution, read ahead...
Another problem, created by this default, is like this: if we have
routing record for other tunnel end already (because it IS VPN server
and we NEED routing to it to CREATE tunnel!), me can not assign tunnel
interface address and connection fails :( I don't see any workaround
for this :(
--
// Black Lion AKA Lev Serebryakov <lev at serebryakov.spb.ru>
More information about the freebsd-net
mailing list