Re: linux-ipsec: unencrypted pings from OpenBSD 2.2_9

-----BEGIN PGP SIGNED MESSAGE----- To: Richard Guy Briggs <rgb@conscoop.ottawa.on.ca> Subject: Re: linux-ipsec: unencrypted pings from OpenBSD 2.2_9 Cc: petr@eunet.cz (Petr Novak), linux-ipsec@clinet.fi Date: 03/25/98, 17:34:15

In message <199803251846.NAA04964@conscoop.ottawa.on.ca>, Richard Guy Briggs wr ites:
>
>rt 192.168.2.105 255.255.255.255 192.168.2.110 255.255.255.255 -1 -1 -1
>192.168.2.110 525 1
>

You also need this line:

rt 0.0.0.0 255.255.255.255 192.168.2.110 255.255.255.255 -1 -1 -1 192.168.2.110 525 1

The reason is that ICMP passes to IP a packet with a zero-source IP address (since, unlike TCP -- and I guess UDP -- it doesn't do a route lookup in advance).
- -Angelos

-----BEGIN PGP SIGNATURE-----

Version: 2.6.3i
Charset: noconv
Comment: Processed by Mailcrypt 3.4, an Emacs/PGP interface

iQCVAwUBNRmGZ70pBjh2h1kFAQEUMQQAnnuxtdMu710zk0oOH9xSyA8qLUu6DqpV ulP3XKkwyjP0wAsMsMbj5pRCZw+H+7JE3o5NS01iGL+OdjzUIkCzt4U0iSs2kcaS XLHVQU38pWW/fbKDlaU6/Jpze0DHXncyJ3k51iMgYBTG5g1Nsd8tSzayxfj6dWmU xXjUhtEw+AQ=
=wYn7
-----END PGP SIGNATURE----- Received on Wed Mar 25 17:41:44 1998