 From:  "Chris Buechler" <cbuechler at gmail dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Setting Authoritative DNS Server to Server across VPN
 Date:  Thu, 20 Apr 2006 00:11:01 -0400
On 4/19/06, Mat Murdock <mmurdock underscore lists at kimballequipment dot com> wrote:
>  I will try this.  I was wondering if you could educate me a little bit on
> what this means, and what it might affect.
>  There's an annoying but mostly harmless side-effect to this - every LAN
> packet to the tunnel elicits a no-change ICMP Redirect.

When you have a static route, and the firewall thinks it can tell you
a better route to use for packets to that destination IP in the
future, it'll send your client machine an ICMP redirect pointing the
machine to what it thinks is the more direct route.  In this case,
since the route points to where the packet was sent in the first
place, it's a no-change ICMP redirect.  Ideally it shouldn't send one
at all.

Annoying since it's unnecessary, but it won't hurt anything.
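
An added example, not part of the original message: a small Python parser that picks ICMP Redirects (type 5) out of raw IPv4 packets and flags the no-change case described above. It assumes "no-change" means the advertised gateway equals the router that sent the redirect; the addresses and the `build_redirect` helper are constructed for illustration.

```python
import socket
import struct

def ipv4_header(src, dst, proto, payload_len):
    # Minimal 20-byte IPv4 header; checksum left 0 (the parser does not verify it).
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def build_redirect(router, client, gateway, orig_dst):
    # Constructed sample: ICMP type 5, code 1 (redirect for host), then the
    # original IP header plus the first 8 bytes of its payload (zeroed UDP header).
    original = ipv4_header(client, orig_dst, 17, 8) + b"\x00" * 8
    icmp = struct.pack("!BBH4s", 5, 1, 0, socket.inet_aton(gateway)) + original
    return ipv4_header(router, client, 1, len(icmp)) + icmp

def parse_redirect(packet):
    """Return (router, gateway, orig_dst) for an ICMP Redirect, else None."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4
    # Need protocol 1 (ICMP), the 8-byte ICMP header and an inner IPv4 header.
    if packet[9] != 1 or len(packet) < ihl + 8 + 20:
        return None
    if packet[ihl] != 5:  # ICMP type 5 = Redirect
        return None
    router = socket.inet_ntoa(packet[12:16])             # who sent the redirect
    gateway = socket.inet_ntoa(packet[ihl + 4:ihl + 8])  # "use this hop instead"
    inner = packet[ihl + 8:]
    orig_dst = socket.inet_ntoa(inner[16:20])            # destination of the LAN packet
    return router, gateway, orig_dst

def is_no_change(packet):
    # Assumption: a redirect is "no-change" when it points the client back at
    # the same router that the packet was sent to in the first place.
    parsed = parse_redirect(packet)
    return parsed is not None and parsed[0] == parsed[1]

if __name__ == "__main__":
    # Constructed addresses: firewall LAN IP 192.168.1.1, remote host 10.0.5.10.
    samples = [build_redirect("192.168.1.1", "192.168.1.50", "192.168.1.1", "10.0.5.10"),
               build_redirect("192.168.1.1", "192.168.1.50", "192.168.1.254", "10.0.5.10")]
    for pkt in samples:
        print(parse_redirect(pkt), "no-change" if is_no_change(pkt) else "real redirect")
```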