27 Mar
2020
27 Mar
'20
8:07 a.m.
So all traffic received on IPIP tunnels should be from
net44 only in our case. Unfortunately not all of it is.
Can you elaborate on the traffic that isn't,
please?
Is this traffic from another operator...or a
non-operator?
Can you also elaborate if this traffic forwards in any
cases?
As I explained before, what I sometimes DO see is IPIP traffic from gateway A.B.C.D with
an internal
packet with source A.B.C.D and destination 44.137.X.Y (inside our network). That traffic
should have
been sent with source address 44.P.Q.R in the internal packet, where 44.P.Q.R is the net44
address
of that specific gateway at A.B.C.D.
As I got repeated logs in the firewall of these occurrences (one was from a Polish
gateway, I remember)
I added a firewall rule to allow such traffic. The reply will of course be routed
directly over
internet, not via the tunnel, so it is questionable if the connection would get
established. Probably
not, when the user has the typical stateful firewall on his internet connection.
Yesterday I have removed the extra rule and I am watching the firewall log, but I have not
yet observed
another instance of this error after about 12 hours. So maybe some people have woken up
and fixed their
config already.
Rob