From c91e2d03ecaef6e87790b34e2e88e3370fee7a64 Mon Sep 17 00:00:00 2001 From: Fabian Blaese Date: Sun, 2 Aug 2020 19:55:02 +0200 Subject: [PATCH] fff-gateway: Send ICMP errors using inbound ifaddr MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit When using NATs and tunnels at the same time, the correct source address has to be used so the ICMP errors is sent through the NAT. This is necessary so the NAT can modify the ICMP payload so it is correctly identified by the destination host, which is required for PMTUD Fixes: #142 Signed-off-by: Fabian Bläse Reviewed-by: Christian Dresel Reviewed-by: Robert Langhammer [bump PKG_RELEASE] Signed-off-by: Adrian Schmutzler
---
 src/packages/fff/fff-gateway/Makefile | 2 +- .../fff/fff-gateway/files/etc/sysctl.d/60-fff-gateway.conf | 3 +++ 2 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/src/packages/fff/fff-gateway/Makefile b/src/packages/fff/fff-gateway/Makefile
index 790aeb3..6a9afd0 100644
--- a/src/packages/fff/fff-gateway/Makefile
+++ b/src/packages/fff/fff-gateway/Makefile
@@ -1,7 +1,7 @@
 include $(TOPDIR)/rules.mk
 PKG_NAME:=fff-gateway
-PKG_RELEASE:=5
+PKG_RELEASE:=6
 PKG_BUILD_DIR:=$(BUILD_DIR)/fff-gateway
diff --git a/src/packages/fff/fff-gateway/files/etc/sysctl.d/60-fff-gateway.conf b/src/packages/fff/fff-gateway/files/etc/sysctl.d/60-fff-gateway.conf
index 62bda1b..885afb7 100644
--- a/src/packages/fff/fff-gateway/files/etc/sysctl.d/60-fff-gateway.conf
+++ b/src/packages/fff/fff-gateway/files/etc/sysctl.d/60-fff-gateway.conf
@@ -3,3 +3,6 @@ net.ipv4.conf.all.forwarding=1
 net.ipv4.ip_forward=1
 net.ipv6.conf.all.forwarding=1
 net.ipv6.conf.default.forwarding=1
+
+# Use inbound ifaddr for icmp errors to ensure correct PMTUD when using far-away NAT
+net.ipv4.icmp_errors_use_inbound_ifaddr=1
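Review bot: The comment added above `net.ipv4.icmp_errors_use_inbound_ifaddr=1` in 60-fff-gateway.conf gives the reason for the setting but not the condition it depends on. The kernel's ip-sysctl documentation notes that when the receiving interface has no primary IPv4 address, the primary address of the first non-loopback interface that has one is used regardless of this setting. If any tunnel interface on the gateway is unnumbered (not visible from this patch), its ICMP errors may still carry a source address that does not pass back through the NAT, and PMTUD would keep failing for that path. I would extend the comment, e.g. `# Needs a primary IPv4 address on the inbound (tunnel) interface; otherwise the kernel falls back to the first non-loopback address`. The sysctl is global for IPv4, so it changes the source address of every ICMP error the router emits, which matters to anyone matching on those addresses in firewall rules or monitoring.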