fff-gateway: Send ICMP errors using inbound ifaddr

When using NATs and tunnels at the same time, the correct source address has to be used so the ICMP errors is sent through the NAT. This is necessary so the NAT can modify the ICMP payload so it is correctly identified by the destination host, which is required for PMTUD Fixes: #142 Signed-off-by: Fabian Bläse <fabian@blaese.de> Reviewed-by: Christian Dresel <fff@chrisi01.de> Reviewed-by: Robert Langhammer <rlanghammer@web.de> [bump PKG_RELEASE] Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-08-02 19:55:02 +02:00 · 2020-08-02 19:55:02 +02:00 · c91e2d03ec
parent 24be8ecdda
commit c91e2d03ec
2 changed files with 4 additions and 1 deletions
--- a/src/packages/fff/fff-gateway/Makefile
+++ b/src/packages/fff/fff-gateway/Makefile
@ -1,7 +1,7 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=fff-gateway
-PKG_RELEASE:=5
+PKG_RELEASE:=6

 PKG_BUILD_DIR:=$(BUILD_DIR)/fff-gateway

--- a/src/packages/fff/fff-gateway/files/etc/sysctl.d/60-fff-gateway.conf
+++ b/src/packages/fff/fff-gateway/files/etc/sysctl.d/60-fff-gateway.conf
@ -3,3 +3,6 @@ net.ipv4.conf.all.forwarding=1
 net.ipv4.ip_forward=1
 net.ipv6.conf.all.forwarding=1
 net.ipv6.conf.default.forwarding=1
+
+# Use inbound ifaddr for icmp errors to ensure correct PMTUD when using far-away NAT
+net.ipv4.icmp_errors_use_inbound_ifaddr=1