On 1/2/21 4:08 AM, Steve L via 44Net wrote:
> You are correct, there are a number of gateways with errors.
> The most common logged error is "3 [19] dropped: non-44 inner source address".
A common problem is users sending tunneled packets with their public IP as the source address in the inner header. That often happens when routing and applications are done on the same machine, applications are offered on the public IP, and a simple routing table without policy routing is used.
I.e. there is no separate routing table for the tunnel traffic, but rather everything is in a single table. When a request is sent to the public IP from a net44 source (being routed over the public internet), the reply is routed back via the IPIP tunnel mesh. Wrong.
One should use policy routing so that traffic from non-net44 addresses in your own network is routed directly to the internet default gw, and only traffic with a net44 source address is routed via the IPIP mesh.
The examples on www.ampr.org show how to do that in Linux. (the "ip rule" stuff)
Rob
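
The policy-routing layout described above, as an added example that is not part of the original message or of the ampr.org examples. The subnets, peer gateway address, interface name, table number and rule priority are constructed placeholders; the script prints the commands unless APPLY=1 is set.

```shell
#!/bin/sh
# Added example: keep IPIP mesh routes out of the main table so that only
# packets with a net44 source address can be sent into the tunnel mesh.
# All values are constructed placeholders; override them via environment.
LOCAL_44_NET="${LOCAL_44_NET:-44.128.1.0/24}"  # constructed: your own net44 subnet
PEER_NET="${PEER_NET:-44.128.2.0/24}"          # constructed: a remote net44 subnet
PEER_GW="${PEER_GW:-192.0.2.10}"               # constructed: that peer's public gateway IP
TUN_IF="${TUN_IF:-tunl0}"                      # assumed IPIP tunnel interface name
TABLE="${TABLE:-44}"                           # assumed dedicated routing table number
PRIO="${PRIO:-100}"                            # assumed rule priority

# Dry-run by default: print each command; execute only when APPLY=1 (needs root).
run() {
    if [ "${APPLY:-0}" = "1" ]; then
        "$@"
    else
        echo "$*"
    fi
}

setup_policy_routing() {
    # Broken single-table form the message warns about (do NOT use):
    #   ip route add $PEER_NET via $PEER_GW dev $TUN_IF onlink
    # With that route in the main table, a reply sent from the public IP to a
    # net44 client is encapsulated with a non-44 inner source and gets dropped.

    # Mesh routes go only into the dedicated table, never into main.
    run ip route add "$PEER_NET" via "$PEER_GW" dev "$TUN_IF" onlink table "$TABLE"

    # Only packets whose source address is in the local net44 subnet consult
    # that table. Everything else falls through to the main table and leaves
    # via the normal internet default gateway.
    run ip rule add from "$LOCAL_44_NET" lookup "$TABLE" priority "$PRIO"
}

setup_policy_routing
```

After applying, `ip rule show` should list the `from` rule, and `ip route show table main` should contain no routes via the tunnel interface.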