Hello,
Scenario:
On central router:
Interface to border A IP 10.0.1.2/24
Interface to border B IP 10.0.2.2/24
Interface to workstation IP 10.0.3.1/24 (this is the LAN gateway IP)
No NAT in this example scenario. Assume all IPs are internet-valid for the purpose of this example.
No Bridge.
Default gateway: 10.0.2.1 (BORDER B)
Workstation: IP 10.0.3.2
Traceroute from the workstation to the internet goes well; every hop shows the correct IP, passing through Border B:
1 - Workstation
2 - 10.0.3.1
3 - 10.0.2.1
4 - Internet
The problem is when I do a traceroute from the internet to 10.0.3.2:
1 - Internet
2 - Border B
3 - 10.0.1.2 (Should be 10.0.2.2)
4 - Workstation (10.0.3.2)
This is the problem: it responds using the IP of the other interface, not the interface used.
It answers using the interface IP for border A, but the packet really goes to BORDER B.
I sniffed packets on both border routers and the packet goes back via router B; only the packet contains the wrong IP in the reply.
Sniffing on border A, no packets found.
Sniffing on border B, traceroute packets found. Also the replies.
So, if the packet goes back to the right router, why does it report a wrong IP address in the reply headers?
Is there a solution?
Tested in RB1100 Version 5 (latest)
Tested in CCR-1016-12G version 6.1
Same issue.
Please help.
Some people would ask why I care...
I just want to understand and make it reply with correct IP address.
I also have a VPN to do some home office work and allocated a /30 CIDR to this VPN, and another /30 to one machine at home.
If you traceroute from the internet to this machine at home, it will go through the VPN correctly, but it reports my ADSL IP in the middle.
I don't want that, but I also don't want to just drop the packet in filters.
Help me with any information you can.
Thank you.
EDIT:
Forgot to mention, I have the scenario in the image, and ALSO another one with a VPN client on another RB at HOME, and the VPN server is on the CENTRAL router.
Same issue with the RB at HOME.