Hi,
I have the following environment in different "places":
Internet <- Mikrotik+OSPF <- LAN <- linux router+OSPF (in LAN) <- VPN (OpenVPN, tap + OSPF)
The servers in the LAN have the Mikrotik as default gateway.
As a sample,
VPN host: 172.17.16.1
Mikrotik 172.16.8.240
Linux router (sato) 172.16.8.7
Linux generic box (sarin) 172.16.8.14
When I try to connect from a host in the VPN, I'm not able to reach the Linux generic box (sarin, 172.16.8.14).
But if I *ping* the Linux generic box, this works.
Just after the ping, the proper record pops into the Linux routing table (cache).
# ip route show cache
172.17.16.1 via 172.16.8.7 dev eth0
cache <redirected> expires 298sec
I was testing the 6.47.8 and 6.49.7 versions of Mikrotik.
I've not seen any changelog line related to ICMP redirects, or to redirects which are not for http(s) and similar protocols.
I've made a tcpdump and the following can be observed:
- when I make a TCP connection *without* having the routing cache, I see a 108 bytes ICMP redirect from Mikrotik to the Linux generic box
- still the Linux generic box ignores it (the cache is not populated)
- when I make a UDP connection *without* having the routing cache, I see a 132 bytes ICMP redirect from Mikrotik to the Linux generic box
- the Linux generic box immediately populates the entry in the routing cache
- when I make a UDP connection *with* the routing cache (e.g., because I pinged the host) the connection works (clearly, the local routing table overrides the generic one as intended)
I've not asked the Linux kernel/networking team, but with pfsense this setup is working (at least by memory) without any issue.
Unfortunately, I no longer have the pfsense setup to test.
Also, I wish to come back to them with more meaningful information, eventually.
It seems to me that the problem may be related to the *kind*/*content* of the ICMP redirect.
As mentioned, the 108 bytes sent for a TCP redirect are ignored, the 132 bytes ICMP redirect is accepted.
I'm attaching the tcpdump output.
Any help is welcome.
Thanks,
Daniel (he/him)
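
Added example, not part of the original post: a small Python decoder for comparing the content of the two ICMP redirects from a capture (advertised gateway, quoted inner protocol, addresses and ports, number of transport bytes quoted, checksum validity). The function names are hypothetical, and the sample packets built by `build_sample` are constructed from the addresses in the post, not taken from the attached tcpdump.

```python
import ipaddress
import struct

PROTO = {1: "icmp", 6: "tcp", 17: "udp"}
REDIRECT_CODE = {0: "network", 1: "host", 2: "tos+network", 3: "tos+host"}

def csum(data: bytes) -> int:
    """RFC 1071 Internet checksum."""
    if len(data) % 2:
        data += b"\x00"
    s = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return ~s & 0xFFFF

def parse_redirect(pkt: bytes) -> dict:
    """Decode an IPv4 packet (no Ethernet header) carrying an ICMP redirect."""
    ihl = (pkt[0] & 0x0F) * 4
    if pkt[0] >> 4 != 4 or pkt[9] != 1:
        raise ValueError("not an IPv4 ICMP packet")
    icmp = pkt[ihl:struct.unpack("!H", pkt[2:4])[0]]
    if len(icmp) < 8 + 20 or icmp[0] != 5:
        raise ValueError("not an ICMP redirect (type 5)")
    inner = icmp[8:]                      # quoted original datagram
    inner_ihl = (inner[0] & 0x0F) * 4
    l4 = inner[inner_ihl:]                # quoted transport bytes (RFC 792: at least 8)
    ports = struct.unpack("!HH", l4[:4]) if inner[9] in (6, 17) and len(l4) >= 4 else None
    return {
        "sender": str(ipaddress.IPv4Address(pkt[12:16])),
        "code": REDIRECT_CODE.get(icmp[1], icmp[1]),
        "checksum_ok": csum(icmp) == 0,   # a valid ICMP message sums to zero
        "new_gateway": str(ipaddress.IPv4Address(icmp[4:8])),
        "inner_proto": PROTO.get(inner[9], inner[9]),
        "inner_src": str(ipaddress.IPv4Address(inner[12:16])),
        "inner_dst": str(ipaddress.IPv4Address(inner[16:20])),
        "inner_ports": ports,
        "quoted_l4_bytes": len(l4),
    }

def build_sample(proto: int, l4: bytes) -> bytes:
    """Constructed test packet (not from the capture) using the post's addresses."""
    a = lambda s: ipaddress.IPv4Address(s).packed
    def ip(src, dst, p, payload):
        h = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, p, 0, a(src), a(dst))
        return h[:10] + struct.pack("!H", csum(h)) + h[12:] + payload
    inner = ip("172.16.8.14", "172.17.16.1", proto, l4)
    body = struct.pack("!BBH4s", 5, 1, 0, a("172.16.8.7")) + inner
    body = body[:2] + struct.pack("!H", csum(body)) + body[4:]
    return ip("172.16.8.240", "172.16.8.14", 1, body)
```

Feed `parse_redirect` the IP-layer bytes of each captured redirect (Ethernet header stripped) and compare the two resulting dictionaries field by field.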