Antony Antony via Devel wrote:
> When enabling support for xfrm lookup using reverse ICMP payload,
> we have identified an issue where the source address of the IPv4 e.g.
> "Destination Host Unreachable" message is incorrect. The IPv6 appears
> to do the right thing.

One thing that operators of routers with a multitude of interfaces want to do is send all ICMP messages from a specific IP address. Often the public address, that has the sane reverse DNS name. AFAIK, this is not an option on Linux, but Cisco/Juniper/etc. devices usually can do this. I can't recall how today. (I was actually looking that up this week.)

This can conflict, however, with the need to get the result back into the tunnel. I don't have a good answer, except that we probably need a fair bit of flexibility, with some good automatically discovered defaults.