On 2010-03-12, Claudio Jeker <cje...@diehard.n-r-g.com> wrote:
> On Fri, Mar 12, 2010 at 12:28:33AM +0000, Stuart Henderson wrote:
>> On 2010-03-10, Massimo Lusetti <mass...@cedoc.mo.it> wrote:
>> > Hi misc,
>> >   I got a 4.5 box which acts as a perimeter ipsec routing gateway, it
>> >   has 682 flows (by ipsecctl -sf | wc -l).
>> >
>> > Some of these flows are up with a static route to the other point of the
>> > ipsec tunnel and some of these routes are changing dynamically (netstat
>> > shows UGHMS flags).
>> >
>
> Wow that's a strange flag combo. Why is S & M set together?
> Hmm. Another strange routing thing I need to have a look at.
> Most probably the cloning is done wrong.

Hmm, does it have to be cloned? Couldn't this be the result of
route add -host, and then receiving a redirect?

Massimo, what command are you using to add these static routes?


>> > When these routes change dynamically my tunnel falls because I cannot
>> > reach my tunnel endpoint anymore.
>> >
>> > Probably these redirects are coming from some ciscozze with HSRP or
>> > something and I've already asked the ciscozze admin to look without any
>> > luck so I guess I've to do something on my side and I'm here to ask for
>> > hints.
>> 
>> M flag - yes, that's from a redirect. sysctl net.inet.icmp.rediraccept=0
>> should prevent them from being accepted, but there will be a reason
>> why you're getting them, you should try and work out what this is...
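
Added example, not part of the original thread: a small filter that reads `netstat -rn -f inet` output and lists the routes an ICMP redirect created (D flag) or modified (M flag), marking the static-plus-modified combination discussed above. The function names and the sample routing table are constructed for illustration; it assumes the Flags field is the third column, as in OpenBSD's netstat output.

```sh
#!/bin/sh
# Added example. Flag meanings per netstat(1): D = created dynamically by a
# redirect, M = modified dynamically by a redirect, S = manually added (static).

# Read a routing table on stdin; print "destination gateway flags note"
# for every route that a redirect has touched.
redirect_routes() {
    awk '
        # Route rows have at least three fields; skip the column header.
        NF >= 3 && $1 != "Destination" && $3 ~ /[MD]/ {
            if ($3 ~ /S/ && $3 ~ /M/) note = "static-modified"
            else if ($3 ~ /M/)        note = "redirect-modified"
            else                      note = "redirect-created"
            print $1, $2, $3, note
        }
    '
}

# Constructed sample table (documentation addresses, not from the thread).
sample_table() {
    cat <<'EOF'
Routing tables

Internet:
Destination        Gateway            Flags   Refs      Use   Mtu  Interface
default            192.0.2.1          UGS        4    81234     -   em0
198.51.100.7       192.0.2.254        UGHMS      1      412     -   em0
203.0.113.9        192.0.2.253        UGHD       0       17     -   em0
192.0.2.0/24       link#1             UC         3        0     -   em0
127.0.0.1          127.0.0.1          UH         1       90 33200   lo0
EOF
}

# On the gateway itself:
#   netstat -rn -f inet | redirect_routes
#   sysctl net.inet.icmp.rediraccept     # 0 = redirects are not accepted
```

Running this periodically and comparing the output against the expected tunnel-endpoint routes shows which static host routes have been rewritten and to which gateway, which helps track down the device sending the redirects.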
