Sunday, November 01, 2020

Re: Routing between VPNs broken

Hi Rudy,

thanks for answering.
I have a default route and I had success while using localhost as gateway in the past.
But static routes no longer help. I tried your proposal with a fictive gateway. No chance.

It would be interesting to know whether the same bug happens with WireGuard.

> On 01.11.2020 at 02:10, Rudy Baker <rizzz2pro@gmail.com> wrote:
>
> I might be off, maybe the problem was fixed in later releases but on OpenBSD 5 if I had an IPsec tunnel to a network with no actual route in the routing table for that network (and no default gateway), things wouldn't be routed through the tunnel.

I'm not aware of any fix or official statement since 4.x.
Time to move away from OpenBSD. )-:

>
> I could even set up a route that led to a bogus gateway just so that there was a route to the network in the table and it would obey the tunnel. A default gateway would fix the issue too since that traffic would match that.
>
> So I would say make sure you have a route to the network across the tunnel or even a default gateway set. It sounds dumb since on every other OS on the planet IPsec creates routes, but it seems on BSD you need to have a real route defined before it falls through to the IPsec routes and sends the traffic through that.
>
> It's a long shot but hope it helps

Axel
---
PGP-Key: CDE74120 ☀ computing @ chaos claudius
