Bjoern A. Zeeb <[EMAIL PROTECTED]> wrote on 27 Nov 2008 16:47: > > Now I want to tunnel between my 192.168.90.0/24 and a foreign > > 192.168.200.0/24. So I assigned 192.168.90.254/32 to lo2 and created > > a static route. > > So if you don't mind to go out with a source address of 192.168.90.1 > instead of .254, what about this hack. What happens if you change the > route to > route change -net 192.168.200.0/24 192.168.90.2 > (assuming the .2 is not on your local machine).
That works for the router, but for incoming packets on the internal interface (from -net 192.168.90.0/24) the machine will send an ICMP redirect to new router 192.168.90.2. Of course that is a black hole. When I use the route to own interface address (route change -net 192.168.200.0/24 192.168.90.1) it works, but also for every incoming packet an ICMP redirect is sent. So that solution is a workaround for short time only. Does anybody have a better solution for source address selection? Am I the only one with an IPSEC tunnel? -- Frank Behrens, Osterwieck, Germany PGP-key 0x5B7C47ED on public servers available. _______________________________________________ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "[EMAIL PROTECTED]"
