Message-Id: <201202111040.q1BAeESi014636@hope.more-right-rudder.com>
Date:	Sat, 11 Feb 2012 05:40:14 -0500
From:	"Rick Koshi" <netdev@...e-right-rudder.com>
To:	netdev@...r.kernel.org
Subject: Multiple GRE tunnels on the same host, only one routes incoming packets


I'm having a routing problem on CentOS 6.2 (kernel 2.6.32-220).

Here's the setup:  One host is on my local network.  It's talking
to two nearly identical hosts at a remote location.  The two remote
hosts are on all the same networks, acting as redundant backups
for each other.

I set up two GRE tunnels from the local host, one to each
remote host:
    ip tunnel add name tunnel1 mode gre local 10.2.1.2 remote 10.2.1.1
    ip link set dev tunnel1 up
    ip route add 172.16.1.0/24 dev tunnel1 metric 101

    ip tunnel add name tunnel2 mode gre local 10.2.1.4 remote 10.2.1.3
    ip link set dev tunnel2 up
    ip route add 172.16.1.0/24 dev tunnel2 metric 102

Outgoing packets route properly, no problem.  Incoming packets
are weird.  It appears that whichever tunnel has the route
with the higher metric (tunnel2 in the example above) will
ignore incoming packets.  They come in all right, and can be
seen on the local machine with 'tcpdump -i tunnel2', but they
are not routed properly to the local networks.  They're simply
dropped.  I can switch the two metrics, and then tunnel1 will
drop all incoming packets.  The tunnel with the lower route
metric will route packets properly, both incoming and outgoing.

Is this "working as designed?"  What I'd like to have happen,
of course, is for all packets on both tunnels to be properly
forwarded.  Is this possible?

    -- Rick
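
Added example, not part of the original post or thread: one possible explanation for the symptom, assuming strict reverse-path filtering (net.ipv4.conf.*.rp_filter = 1) is active on the tunnel interfaces and that incoming packets carry source addresses in 172.16.1.0/24; the post confirms neither. The Python model below runs the post's two routes through a strict and a loose reverse-path check; the sample source address and all function names are constructed for illustration.

```python
import ipaddress

# Routes from the post: same prefix on both tunnels, different metrics.
ROUTES = [
    ("172.16.1.0/24", "tunnel1", 101),
    ("172.16.1.0/24", "tunnel2", 102),
]

def best_route(routes, addr):
    """Longest prefix wins; among equal prefixes the lowest metric wins."""
    ip = ipaddress.ip_address(addr)
    matches = [(ipaddress.ip_network(p), dev, m) for p, dev, m in routes
               if ip in ipaddress.ip_network(p)]
    if not matches:
        return None
    return min(matches, key=lambda r: (-r[0].prefixlen, r[2]))

def rpf_accepts(routes, src, in_dev, rp_filter):
    """Simplified model of rp_filter source validation (an assumption about
    the cause). 0 = no check, 1 = strict (RFC 3704), 2 = loose."""
    if rp_filter == 0:
        return True
    best = best_route(routes, src)
    if best is None:
        return False          # no route back to the source at all
    if rp_filter == 2:
        return True           # loose: source reachable via any interface
    return best[1] == in_dev  # strict: must arrive on the best return path

def effective_rp_filter(conf_all, conf_dev):
    """The kernel applies the larger of conf/all and conf/<dev>."""
    return max(conf_all, conf_dev)

if __name__ == "__main__":
    src = "172.16.1.10"  # constructed sample source behind the tunnels
    for mode in (1, 2):
        for dev in ("tunnel1", "tunnel2"):
            ok = rpf_accepts(ROUTES, src, dev, mode)
            print(f"rp_filter={mode} in={dev}: {'accept' if ok else 'drop'}")
```

On a live host, `sysctl net.ipv4.conf.all.rp_filter net.ipv4.conf.tunnel2.rp_filter` shows the configured values. Loose mode still rejects sources that have no route at all, so it keeps part of the anti-spoofing check.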