Problem with new source address selection
frank at harz.behrens.de
Thu Nov 27 22:53:11 PST 2008
Bjoern A. Zeeb <bzeeb-lists at lists.zabbadoz.net> wrote on 27 Nov 2008 16:47:
> > Now I want to tunnel between my 192.168.90.0/24 and a foreign
> > 192.168.200.0/24. So I assigned 192.168.90.254/32 to lo2 and created
> > a static route.
> So if you don't mind to go out with a source address of 192.168.90.1
> instead of .254, what about this hack. What happens if you change the
> route to
> route change -net 192.168.200.0/24 192.168.90.2
> (assuming the .2 is not on your local machine).
That works for the router, but for incoming packets on the internal
interface (from -net 192.168.90.0/24) the machine will send an ICMP
redirect to new router 192.168.90.2. Of course that is a black hole.
When I use the route to own interface address
(route change -net 192.168.200.0/24 192.168.90.1) it works, but also
for every incoming packet an ICMP redirect is sent. So that solution
is a workaround for short time only.
Does anybody have a better solution for source address selection? Am
I the only one with an IPSEC tunnel?
Frank Behrens, Osterwieck, Germany
PGP-key 0x5B7C47ED on public servers available.
More information about the freebsd-net