[Click] IPsec work and question about Linux routing?

[Markku Savela]

On 04/17/2012 01:15 PM, Markku Savela wrote:
> /proc/sys/net/ipv4/conf/tun0/rp_filter = 0
>
> so I'm currently stymied on what is causing the
> packet drop in kernel... anyone?

Ok, one more time


eth1: 192.168.0.14/24
tum0: 10.0.0.1/8

It seems that with rp_filter disabled, I get
packets from tun0 forwarded just fine, UNLESS
the scr=192.168.0.14 (e.g. the source address
of my eth1).

It would be IDEAL, if tun device had option to
allow me to leave the src unspecified and it
would fill in the source depending on the
final interface....

...but, anyway, anyone have any idea how to
disable this last obstacle? With this src I
see (enable "martians log")

Apr 17 13:53:29 kone kernel: [  886.879109] martian source 192.168.0.15 
from 192.168.0.14, on dev tun0
Apr 17 13:53:30 kone kernel: [  887.878864] martian source 192.168.0.15 
from 192.168.0.14, on dev tun0

which are supposed to come only if "rp_filter" is enabled,
and I have it disabled...