Ping Redirect



  • Hello

    I have set up an IPsec tunnel using pf 2.0.

    Traffic and ping are OK from every computer on the LAN (192.168.X.0/24) to the remote network (192.168.I.0/24).
    Neither traffic nor ping works from the pf LAN gateway (192.168.X.Y).

    The problem shows up with remote network domain name resolution using the DNS forwarder.

    As a workaround, I added:

    • a gateway on LAN interface with pf IP address (192.168.X.Y)
    • a static route to remote network via LAN GW (192.168.I.0/24 via 192.168.X.Y)
      -> traffic and ping are now OK from the pf gateway to the remote network, but… I get a ping redirect message when pinging from a machine on the LAN network (192.168.X.Z) to a machine on the remote network (192.168.I.J).
    
    36 bytes from pf.lan (192.168.X.Y): Redirect Host(New addr: 192.168.I.J)
    Vr HL TOS  Len   ID Flg  off TTL Pro  cks      Src      Dst
     4  5  00 0054 97c5   0 0000  40  01 e41c 192.168.X.Z  192.168.I.J
    
    64 bytes from 192.168.I.J: icmp_seq=0 ttl=62 time=52.776 ms
    36 bytes from pf.lan (192.168.X.Y): Redirect Host(New addr: 192.168.I.J)
    Vr HL TOS  Len   ID Flg  off TTL Pro  cks      Src      Dst
     4  5  00 0054 13f2   0 0000  40  01 67f0 192.168.X.Z  192.168.I.J
    
    64 bytes from 192.168.I.J: icmp_seq=1 ttl=62 time=50.836 ms
    
    

    Is it the correct solution?
    What are the best practices in such a situation?
    Can we avoid having a LAN GW and static route for DNS resolution?
    Is it possible to avoid the ping redirect?

    Thank you.


  • Rebel Alliance Developer Netgate

    The ICMP redirect is what allows you to reach the other network via the other gateway. That redirect is normal.
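    Added illustration (not part of the original thread, and not pfSense's or FreeBSD's own code): a small model of the rule behind the reply above. A router that forwards a packet back out the interface it arrived on (RFC 1122, section 3.2.2.2; FreeBSD's ip_forward() behaves the same) still forwards it, but also sends the source a host redirect naming the next hop. For a gateway route the next hop is the gateway; for an interface (directly connected) route it is the destination itself, which is the "Redirect Host (New addr: 192.168.I.J)" seen in the ping output. The addresses are made-up stand-ins for 192.168.X.0/24 and 192.168.I.0/24, and it is an assumption here that the poster's static route via the box's own LAN address behaves as an interface route on LAN, since that is what the redirect's "New addr" implies.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

# Constructed model of the ICMP Redirect rule (RFC 1122, 3.2.2.2): if a packet from
# a host on the ingress subnet would be forwarded back out the interface it came
# in on, the router forwards it and also tells the sender which next hop to use.
# Addresses are made-up stand-ins for the thread's 192.168.X.0/24 and 192.168.I.0/24.


@dataclass
class Route:
    prefix: ipaddress.IPv4Network
    iface: str
    gateway: Optional[str] = None  # None: interface (directly connected) route


def lookup(routes: List[Route], dst: ipaddress.IPv4Address) -> Optional[Route]:
    """Longest-prefix match, as the kernel forwarding table does."""
    best = None
    for r in routes:
        if dst in r.prefix and (best is None or r.prefix.prefixlen > best.prefix.prefixlen):
            best = r
    return best


def redirect_target(routes: List[Route], ingress: Route, src: str, dst: str) -> Optional[str]:
    """Address an ICMP Redirect to `src` would carry, or None if none is sent.

    `ingress` is the interface route of the interface the packet arrived on.
    """
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    route = lookup(routes, dst_ip)
    if route is None:
        return None  # unroutable: Destination Unreachable, not a redirect
    if route.iface != ingress.iface or src_ip not in ingress.prefix:
        return None  # egress differs from ingress: plain forwarding, no redirect
    # Same interface in and out. FreeBSD sends only host redirects, naming the
    # route's gateway, or the destination itself for an interface route. The
    # second case is the thread's "Redirect Host (New addr: 192.168.I.J)".
    return route.gateway if route.gateway is not None else str(dst_ip)


LAN = Route(ipaddress.ip_network("192.168.10.0/24"), "lan")          # stands in for 192.168.X.0/24
REMOTE = ipaddress.ip_network("192.168.20.0/24")                     # stands in for 192.168.I.0/24
DEFAULT = Route(ipaddress.ip_network("0.0.0.0/0"), "wan", "203.0.113.1")


def pf_routes(with_workaround: bool) -> List[Route]:
    """Routing table before and after the poster's workaround.

    Assumption: the static route whose gateway is the box's own LAN address
    behaves as an interface route on LAN, which is what the ping output implies
    (the redirect names the destination, not a gateway).
    """
    table = [LAN, DEFAULT]
    if with_workaround:
        table.append(Route(REMOTE, "lan"))
    return table


if __name__ == "__main__":
    for workaround in (False, True):
        print("workaround" if workaround else "plain", "->",
              redirect_target(pf_routes(workaround), LAN, "192.168.10.50", "192.168.20.7"))
```

    Without the workaround the remote prefix matches the default route out WAN (in the real box IPsec then picks the packet up), so no redirect is generated; with it, the egress interface equals the ingress interface and every LAN host pinging the remote network is told to go to the destination directly. Swapping the workaround route for one via a separate LAN router (for example `Route(REMOTE, "lan", "192.168.10.254")`) produces a redirect naming that router instead, which is the general form of the rule.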



  • My bad. Thank you for answering.

