lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:	Sat, 11 Feb 2012 12:29:59 +0100
From:	Eric Dumazet <>
To:	Rick Koshi <>
Subject: Re: Multiple GRE tunnels on the same host, only one routes incoming

Le samedi 11 février 2012 à 05:40 -0500, Rick Koshi a écrit :
> I'm having a routing problem on CentOS 6.2 (kernel 2.6.32-220)
> Here's the setup:  One host is on my local network.  It's talking
> to two nearly identical hosts at a remote location.  The two remote
> hosts are on all the same networks, acting as redundant backups
> for each other.
> I set up two GRE tunnels from the local host, one to each
> remote host:
>     ip tunnel add name tunnel1 mode gre local remote
>     ip link set dev tunnel1 up
>     ip route add dev tunnel1 metric 101
>     ip tunnel add name tunnel2 mode gre local remote
>     ip link set dev tunnel2 up
>     ip route add dev tunnel2 metric 102
> Outgoing packets route properly, no problem.  Incoming packets
> are weird.  It appears that whichever tunnel has the route
> with the higher metric (tunnel2 in the example above) will
> ignore incoming packets.  They come in all right, and can be
> seen on the local machine with 'tcpdump -i tunnel2', but they
> are not routed properly to the local networks.  They're simply
> dropped.  I can switch the two metrics, and then tunnel1 will
> drop all incoming packets.  The tunnel with the lower route
> metric will route packets properly, both incoming and outgoing.
> Is this "working as designed?"  What I'd like to have happen,
> of course, is for all packets on both tunnels to be properly
> forwarded.  Is this possible?

check :

grep . `find /proc/sys -name rp_filter`

To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to
More majordomo info at

Powered by blists - more mailing lists