From: Darryl Miles <lartc-list@the-morg.org>
To: lartc@vger.kernel.org
Subject: Re: [LARTC] track tunnel connections
Date: Sat, 06 Dec 2003 02:06:07 +0000
Message-ID: <marc-lartc-107067701703440@msgid-missing>
In-Reply-To: <marc-lartc-107065669616779@msgid-missing>
petrch@regnet.cz wrote:
>I have this:
>
>publicIP(server)-netA--internet(netC)--netB--172.26.3.0/24
>
>I have a tunnel between netA and netB. The tunnel is
>for managing some network devices that are using
>private IPs from network 172.26.3.0/24.
>Now if I ping from publicIP (it could be a server
>with Nagios), the echo request
>packet is routed through the tunnel and reaches 172.26.3.1 (device),
>but the echo reply is routed via the default route on the netB gateway
>and NATed out to the internet.
>
>Question: Could I somehow discover that the echo request traveled
>by tunnel so the reply should take the same way?
>
>
What tunneling technology are you using (IPIP, GRE, VPN
(ESP/AH/PPTP/...))?

Normally you'd configure the tunnel endpoint routers at both sites to
have reciprocal routing entries for each other's subnet. Also configure
on the endpoint hosts a black hole routing entry with a higher metric
than the tunnel, so that "Network Unreachables" are correctly returned
in the event the tunnel is not configured / down. This is also one
measure you can use to stop tunneled data from accidentally escaping
onto the Internet.

But your subnets need to be correctly configured around the endpoint
router so no discovery of the route is necessary by the hosts on the subnet.

So I ask: Does your network topology really need to be able to discover
tunnel(s)? Routing protocols exist for this very application, but
they generally are to allow two routers to discover each other's routes,
not for hosts to discover routes. It's not clear if the issue of route
discovery is really your problem or just the subnets aren't configured
correctly?

Darryl
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
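
The routing decision discussed in the message above, modelled as an added example that is not part of the original email: it shows where a packet for the peer subnet goes with and without the reciprocal tunnel route and the higher-metric black hole entry. Assumptions: `192.0.2.0/24` is a constructed placeholder for netA, the names `wan0`/`tun0` and the metrics 10/200 are hypothetical, and route selection is simplified to longest prefix, then lowest metric.

```python
import ipaddress

NET_B = "172.26.3.0/24"   # private device subnet from the thread
NET_A = "192.0.2.0/24"    # constructed placeholder for the netA side

def build_table(remote_net, tunnel_route=True, blackhole=True):
    """Routing table of one tunnel endpoint as (prefix, metric, target) rows."""
    table = [("0.0.0.0/0", 0, "wan0")]                # default route, NATed out
    if tunnel_route:
        table.append((remote_net, 10, "tun0"))        # route to the peer subnet
    if blackhole:
        table.append((remote_net, 200, "blackhole"))  # higher metric: fallback
    return table

def lookup(table, dst):
    """Simplified selection: longest matching prefix, then lowest metric."""
    addr = ipaddress.ip_address(dst)
    matches = []
    for prefix, metric, target in table:
        net = ipaddress.ip_network(prefix)
        if addr in net:
            matches.append((-net.prefixlen, metric, target))
    return min(matches)[2] if matches else "no route"

def scenarios():
    """Where a packet for the peer subnet goes in each configuration."""
    return {
        # netB gateway with no route back to netA: the symptom in the question
        "B, no reciprocal route": lookup(build_table(NET_A, False, False), "192.0.2.10"),
        "B, reciprocal route": lookup(build_table(NET_A), "192.0.2.10"),
        "A, tunnel up": lookup(build_table(NET_B), "172.26.3.1"),
        # tunnel route gone (interface down or never configured)
        "A, tunnel down, blackhole": lookup(build_table(NET_B, False, True), "172.26.3.1"),
        "A, tunnel down, no blackhole": lookup(build_table(NET_B, False, False), "172.26.3.1"),
    }

if __name__ == "__main__":
    for name, target in scenarios().items():
        print(f"{name:30} -> {target}")
```

The two `wan0` results are the cases where traffic meant for the tunnel leaves through the default route; the black hole entry only ever wins when the lower-metric tunnel route is absent.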