This message was posted anonymously:
I have been trying to establish a tunnel between
two linux boxes (v2.2.9). I have been successful, but only
if I have reciprocal tunnels on each machine configured.
I would prefer not to have the reverse tunnel established.
What follows is a description of the case where the
encapsulation does not work.
I have two boxes (Box A and Box B). I am trying to send
an IPIP encapsulated datagram from Box A to Box B. I want
packets from B to A to return unencapsulated. My assumption
is that I would not establish the tunnel device on Box B.
When the tunnel is not configured on B, tcpdump (on B) shows
an ICMP message of protocol unreachable is returned (to A)
the udp protocol. For a test, I tried sending a udp
packet (thus the udp protocol unreachable). When I tried
other protocols, I received the equivalent protocol
ICMP message. BTW, these protocols work without the
IPIP encapsulation. In this situation, I have loaded the
module on box B.
I think I am trying to implement triangle routing as in
Mobile IP. I have looked at some of the mobile IP
on the net and I don't seem to be doing anything different.
my assumption correct that I do not need to establish the
I looked at the ipip.c code and the function ipip_rcv
seems to requires the existence of a reciprocal tunnel on
of the ipip datagram or the Protocol Unreachable ICMP
is sent. There is a line that checks to see if an equivalent
tunnel exists and if not the ICMP message is sent. Am I
interpreting this correctly?
Any help would be greatly appreciated.