[Click] IPsec work and question about Linux routing?
Markku Savela
Markku.Savela at vtt.fi
Tue Apr 17 04:37:49 EDT 2012
On 04/16/2012 10:50 AM, Markku Savela wrote:
> The simple usermode test configuration (attached) does not
> quite do what I want: it does not route the tunneled packets
> coming in from tun0 (src=192.168.0.14, dst=192.168.0.15) to
> eth1 as I expected (packets seem to disappear, I see them
> on tun0 using wireshark).
I'm getting frustrated, this seems so simple thing, but can't
figure out why linux doesn't do the right thing by default,
it has all the required information, and shouldn't need any
additional iptable rules and such
eth1: 192.168.0.14/24
tup0: 10.0.0.1/8
dst=10.0.0.2 -> tap0 (click adds tunnel dst->192.168.0.15) -> tun0
Kernel sees packet dst=192.168.0.14 from tun0, it should be
obvious for the kernel, that it should be forwarded to eth1.
So far, I've following
/proc/sys/net/ipv4/conf/tun0/rp_filter = 0
/proc/sys/net/ipv4/ip_forward = 1
/proc/sys/net/ipv4/conf/tun0/forwarding = 1
..is there still some mystery toggles that need to be
turned on?
All I need is very simple: packets coming from tun0 into
kernel should simply be passed to standard routing
logic.
More information about the click
mailing list