Multiple default gateway from tinc node

Guus Sliepen guus at tinc-vpn.org
Tue May 2 18:36:16 CEST 2017


On Tue, May 02, 2017 at 09:53:15PM +0800, Bright Zhao wrote:

> When tinc daemon gets up on A (together with some manual scripts for destination to 8.8.8.8), the route table looks like below:
> 10.0.0.0/24 dev tun0
> 10.0.0.3 dev tun0
> 8.8.8.8 via 10.0.0.3 dev tun0

IPv4 packets have only two addresses in their header: the source and the
destination address. If you want to send a packet to 8.8.8.8, the
destination address of the packet will always be 8.8.8.8, regardless of
how it is forwarded via the network.

Imagine that your local node would replace the destination address with
10.0.0.3, then the information about the final destination (8.8.8.8)
would be lost.

The "via 10.0.0.3" only has an effect on Ethernet networks. Ethernet
doesn't know about IPv4 or IPv6, it only knows about MAC addresses. What
"via 10.0.0.3" does is that when it has to send a packet to 8.8.8.8, it
sets the IPv4 header's destination address to 8.8.8.8, but it sets the
Ethernet header's destination address to the MAC address of the host
which has the address 10.0.0.3. It figured out the last part by doing
ARP resolution.

It's perhaps a bit confusing that there is no error message when you try
to add such a route, even though the "via 10.0.0.3" part doesn't do
anything. It's just ignored for non-Ethernet networks. Also, on some
(older) BSD platforms, you could not add a route to a "dev tun0", you
could only identify interfaces by their IP address. So there the
equivalent of "via" would have an effect, but also not the one you
intended.

-- 
Met vriendelijke groet / with kind regards,
     Guus Sliepen <guus at tinc-vpn.org>
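
The following is an added example, not part of the original message or of tinc: it builds the bytes that would be handed to an Ethernet interface and to a tun interface for the route "8.8.8.8 via 10.0.0.3", showing that the gateway only ever appears as a MAC address in the Ethernet header. The source address 10.0.0.1, the MAC addresses and the neighbour table are constructed for illustration.

```python
import socket
import struct

# Constructed neighbour (ARP) table and local MAC; illustrative values only.
ARP_TABLE = {"10.0.0.3": "02:00:00:00:00:03"}
LOCAL_MAC = "02:00:00:00:00:01"
ETHERTYPE_IPV4 = 0x0800

def checksum(data: bytes) -> int:
    """Internet checksum (one's complement sum of 16-bit words)."""
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ipv4_header(src: str, dst: str) -> bytes:
    """Minimal 20-byte IPv4 header: only src and dst addresses, no 'via'."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64,
                      socket.IPPROTO_UDP, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]

def mac_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))

def emit(src: str, dst: str, via: str, link: str) -> bytes:
    """Bytes given to the interface for a packet routed 'dst via <via>'."""
    packet = ipv4_header(src, dst)
    if link == "ethernet":
        # The gateway is resolved to a MAC and used as the frame destination.
        eth = (mac_bytes(ARP_TABLE[via]) + mac_bytes(LOCAL_MAC)
               + struct.pack("!H", ETHERTYPE_IPV4))
        return eth + packet
    # tun: no Ethernet header exists, so there is nowhere to put 'via'.
    return packet

def ip_dst(frame: bytes, link: str) -> str:
    """Read the IPv4 destination address back out of the emitted bytes."""
    off = 14 if link == "ethernet" else 0
    return socket.inet_ntoa(frame[off + 16:off + 20])

if __name__ == "__main__":
    for link in ("ethernet", "tun"):
        out = emit("10.0.0.1", "8.8.8.8", "10.0.0.3", link)
        print(link, len(out), "bytes, IPv4 dst =", ip_dst(out, link))
```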