Yes, that is what I believe is happening - the kernel is replying to the decapsulated ping packet, and because the diversion of outgoing packets does not (for some reason known only to the kernel architects) occur, the reply doesn't get routed to the encapsulator and is therefore not sent to the tunnel-only host.
Remember, the gateway is a FreeBSD system, not Linux. The kernel and networking implementation is very different. - Brian
On Wed, Oct 03, 2018 at 11:19:38PM +0200, Rob Janssen wrote:
I believed the problem with pinging from tunneled hosts was still there, but if it works for you, I must have forgotten.
It is a bit unclear what is going on. From a host that is exclusively on the IPIP mesh the ping does not return (I see only the outgoing IPIP packet). From a host that is both on the IPIP mesh and BGP-routed on internet it does work. It looks like it replies "directly" (via the BGP route) to the replies sent as IPIP.
Rob
44Net mailing list 44Net@mailman.ampr.org https://mailman.ampr.org/mailman/listinfo/44net